ID

VAR-201802-0011


CVE

CVE-2012-6347


TITLE

FortiDB vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2012-006403

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Java number format exception handling in FortiGate FortiDB before 4.4.2 allow remote attackers to inject arbitrary web script or HTML via the conversationContext parameter to (1) admin/auditTrail.jsf, (2) mapolicymgmt/targetsMonitorView.jsf, (3) vascan/globalsummary.jsf, (4) vaerrorlog/vaErrorLog.jsf, (5) database/listTargetGroups.jsf, (6) sysconfig/listSystemInfo.jsf, (7) vascan/list.jsf, (8) network/router.jsf, (9) mapolicymgmt/editPolicyProfile.jsf, or (10) mapolicymgmt/maPolicyMasterList.jsf. FortiDB contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Fortinet FortiGate FortiDB is a scalable database security solution developed by Fortinet.

Trust: 1.71

sources: NVD: CVE-2012-6347 // JVNDB: JVNDB-2012-006403 // VULHUB: VHN-59628

AFFECTED PRODUCTS

vendor: fortinet, model: fortidb, scope: lte, version: 4.4.1

Trust: 1.0

vendor: fortinet, model: fortidb, scope: lt, version: 4.4.2

Trust: 0.8

vendor: fortinet, model: fortidb, scope: eq, version: 4.4.1

Trust: 0.6

sources: JVNDB: JVNDB-2012-006403 // CNNVD: CNNVD-201802-335 // NVD: CVE-2012-6347

CVSS

SEVERITY

nvd@nist.gov: CVE-2012-6347
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-6347
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201802-335
value: MEDIUM

Trust: 0.6

VULHUB: VHN-59628
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2012-6347
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-59628
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2012-6347
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-59628 // JVNDB: JVNDB-2012-006403 // CNNVD: CNNVD-201802-335 // NVD: CVE-2012-6347

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-59628 // JVNDB: JVNDB-2012-006403 // NVD: CVE-2012-6347

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-335

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201802-335

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-006403

PATCH

title: FG-IR-012-007, url: https://fortiguard.com/psirt/FG-IR-012-007

Trust: 0.8

title: Fortinet FortiGate FortiDB Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78432

Trust: 0.6

sources: JVNDB: JVNDB-2012-006403 // CNNVD: CNNVD-201802-335

EXTERNAL IDS

db: NVD, id: CVE-2012-6347

Trust: 2.5

db: JVNDB, id: JVNDB-2012-006403

Trust: 0.8

db: CNNVD, id: CNNVD-201802-335

Trust: 0.7

db: VULHUB, id: VHN-59628

Trust: 0.1

sources: VULHUB: VHN-59628 // JVNDB: JVNDB-2012-006403 // CNNVD: CNNVD-201802-335 // NVD: CVE-2012-6347

REFERENCES

url: https://fortiguard.com/psirt/fg-ir-012-007

Trust: 1.7

url: https://www.vulnerability-lab.com/get_content.php?id=558

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6347

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2012-6347

Trust: 0.8

sources: VULHUB: VHN-59628 // JVNDB: JVNDB-2012-006403 // CNNVD: CNNVD-201802-335 // NVD: CVE-2012-6347

SOURCES

db: VULHUB, id: VHN-59628
db: JVNDB, id: JVNDB-2012-006403
db: CNNVD, id: CNNVD-201802-335
db: NVD, id: CVE-2012-6347

LAST UPDATE DATE

2024-08-14T14:05:17.084000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-59628, date: 2018-02-27T00:00:00
db: JVNDB, id: JVNDB-2012-006403, date: 2018-03-13T00:00:00
db: CNNVD, id: CNNVD-201802-335, date: 2018-02-11T00:00:00
db: NVD, id: CVE-2012-6347, date: 2018-02-27T15:59:00.140

SOURCES RELEASE DATE

db: VULHUB, id: VHN-59628, date: 2018-02-09T00:00:00
db: JVNDB, id: JVNDB-2012-006403, date: 2018-03-13T00:00:00
db: CNNVD, id: CNNVD-201802-335, date: 2018-02-11T00:00:00
db: NVD, id: CVE-2012-6347, date: 2018-02-09T22:29:00.300