Details of VAR-202206-0751

ID

VAR-202206-0751

CVE

CVE-2022-22304

TITLE

FortiAuthenticator OWA Agent for Microsoft Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-015236

DESCRIPTION

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAuthenticator OWA Agent for Microsoft version 2.2 and 2.1 may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests. FortiAuthenticator OWA Agent for Microsoft Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Fortinet FortiAuthenticator is a centralized user identity management solution from Fortinet. Fortinet FortiAuthenticator has a cross-site scripting vulnerability caused by insufficient sanitization of user-supplied data. A remote attacker could exploit this vulnerability to trick a victim into following a specially crafted link and execute arbitrary HTML and script code in a vulnerable browser

Trust: 1.71

sources: NVD: CVE-2022-22304 // JVNDB: JVNDB-2022-015236 // VULHUB: VHN-410858

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortiauthenticator agent for microsoft outlook web access	scope:	eq	version:	2.1	Trust: 1.0
vendor:	fortinet	model:	fortiauthenticator agent for microsoft outlook web access	scope:	eq	version:	2.2	Trust: 1.0
vendor:	フォーティネット	model:	fortiauthenticator agent for microsoft outlook web access	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiauthenticator agent for microsoft outlook web access	scope:	eq	version:	2.2	Trust: 0.8
vendor:	フォーティネット	model:	fortiauthenticator agent for microsoft outlook web access	scope:	eq	version:	2.1	Trust: 0.8

sources: JVNDB: JVNDB-2022-015236 // NVD: CVE-2022-22304

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-22304
value:	MEDIUM
Trust: 1.0
psirt@fortinet.com:	CVE-2022-22304
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2022-015236
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202206-752
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-22304
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2022-015236
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-015236 // CNNVD: CNNVD-202206-752 // NVD: CVE-2022-22304 // NVD: CVE-2022-22304

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.1
problemtype:	Cross-site scripting (CWE-79) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-410858 // JVNDB: JVNDB-2022-015236 // NVD: CVE-2022-22304

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-752

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202206-752

PATCH

title:	FG-IR-22-021	url:	https://www.fortiguard.com/psirt/FG-IR-22-021	Trust: 0.8
title:	Fortinet FortiAuthenticator Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=195165	Trust: 0.6

sources: JVNDB: JVNDB-2022-015236 // CNNVD: CNNVD-202206-752

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22304	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-015236	Trust: 0.8
db:	CNNVD	id:	CNNVD-202206-752	Trust: 0.7
db:	CS-HELP	id:	SB2022060726	Trust: 0.6
db:	VULHUB	id:	VHN-410858	Trust: 0.1

sources: VULHUB: VHN-410858 // JVNDB: JVNDB-2022-015236 // CNNVD: CNNVD-202206-752 // NVD: CVE-2022-22304

REFERENCES

url:	https://fortiguard.com/psirt/fg-ir-22-021	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22304	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-22304/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060726	Trust: 0.6

sources: VULHUB: VHN-410858 // JVNDB: JVNDB-2022-015236 // CNNVD: CNNVD-202206-752 // NVD: CVE-2022-22304

SOURCES

db:	VULHUB	id:	VHN-410858
db:	JVNDB	id:	JVNDB-2022-015236
db:	CNNVD	id:	CNNVD-202206-752
db:	NVD	id:	CVE-2022-22304

LAST UPDATE DATE

2024-08-14T15:42:23.968000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-410858	date:	2022-07-25T00:00:00
db:	JVNDB	id:	JVNDB-2022-015236	date:	2023-09-26T01:54:00
db:	CNNVD	id:	CNNVD-202206-752	date:	2022-07-26T00:00:00
db:	NVD	id:	CVE-2022-22304	date:	2022-07-25T03:22:26.637

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-410858	date:	2022-07-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-015236	date:	2023-09-26T00:00:00
db:	CNNVD	id:	CNNVD-202206-752	date:	2022-06-07T00:00:00
db:	NVD	id:	CVE-2022-22304	date:	2022-07-18T17:15:08.667