{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T11:34:07.496","vulnerabilities":[{"cve":{"id":"CVE-2021-43071","sourceIdentifier":"psirt@fortinet.com","published":"2021-12-09T10:15:11.953","lastModified":"2024-11-21T06:28:38.380","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller."},{"lang":"es","value":"Un desbordamiento del búfer en la región heap de la memoria en Fortinet FortiWeb versión 6.4.1 y 6.4.0, versión 6.3.15 y anteriores, versión 6.2.6 y anteriores, permite a un atacante ejecutar código o comandos no autorizados por medio de peticiones HTTP diseñadas al controlador de la API LogReport"}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndIncluding":"6.2.6","matchCriteriaId":"5F9F1235-608A-4301-904F-8CA38A153E88"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3.0","versionEndIncluding":"6.3.16","matchCriteriaId":"AC47B157-AB53-4BA7-B591-A140F6845592"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:*","matchCriteriaId":"74A92A08-E6F6-4522-A6DA-061950AD3525"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:*","matchCriteriaId":"A6A3D2C4-C3FA-4E12-9156-DAFEA4E00BCC"}]}]}],"references":[{"url":"https://fortiguard.com/advisory/FG-IR-21-188","source":"psirt@fortinet.com","tags":["Patch","Vendor Advisory"]},{"url":"https://fortiguard.com/advisory/FG-IR-21-188","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}