{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T03:34:36.538","vulnerabilities":[{"cve":{"id":"CVE-2021-36195","sourceIdentifier":"psirt@fortinet.com","published":"2021-12-08T19:15:09.837","lastModified":"2024-11-21T06:13:17.890","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, and 6.1.0 through 6.1.2 may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted command arguments."},{"lang":"es","value":"Múltiples vulnerabilidades de inyección de comandos en el intérprete de línea de comandos de FortiWeb versiones 6.4.1, 6.4.0, 6.3.0 hasta 6.3.15, 6.2.0 hasta 6.2.6, y 6.1.0 hasta 6.1.2, pueden permitir a un atacante autenticado ejecutar comandos arbitrarios en el shell del sistema subyacente por medio de argumentos de comando especialmente diseñados"}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":0.8,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndIncluding":"6.2.5","matchCriteriaId":"60265BD0-4C66-43FF-898B-9433B4D4B0F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3.0","versionEndIncluding":"6.3.15","matchCriteriaId":"F59449EE-C44E-4EE7-80DC-5194A9B5B4CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:6.1.0:*:*:*:*:*:*:*","matchCriteriaId":"96B929BB-7B7A-40D2-AB13-D4FDD41FD159"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:6.1.1:*:*:*:*:*:*:*","matchCriteriaId":"1A3C5370-3453-4F07-B551-7E36F815578C"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:6.1.2:*:*:*:*:*:*:*","matchCriteriaId":"415AF153-2A59-488B-A78B-D98B7F39B5AF"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:*","matchCriteriaId":"74A92A08-E6F6-4522-A6DA-061950AD3525"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:*","matchCriteriaId":"A6A3D2C4-C3FA-4E12-9156-DAFEA4E00BCC"}]}]}],"references":[{"url":"https://fortiguard.com/advisory/FG-IR-21-157","source":"psirt@fortinet.com","tags":["Patch","Vendor Advisory"]},{"url":"https://fortiguard.com/advisory/FG-IR-21-157","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}