Rewterz Threat Advisory – CVE-2021-26111 – Fortinet FortiSwitch Denial of Service
June 2, 2021
Rewterz Threat Advisory – CVE-2021-29740 – IBM Spectrum Scale Privilege Escalation
June 2, 2021
Severity
High
Analysis Summary
CVE-2021-22123
Fortinet FortiWeb could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection flaw in the SAML server configuration page. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
Impact
- Unauthorized Access
Affected Vendors
Fortinet
Affected Products
- Fortinet FortiWeb 6.3.7
- Fortinet FortiWeb 6.2.3
Remediation
Refer to the FortiGuard Advisory for patch, upgrade, or suggested workaround information.