First published: Tue Nov 02 2021
An improper neutralization of special elements used in an SQL command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to disclose device, users and database information via crafted HTTP requests.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiWLM | >=8.2.2, <=8.6.1 | |
CVE-2021-36184 is a vulnerability in Fortinet FortiWLM version 8.6.1 and below that allows an attacker to disclose device, users, and database information through crafted HTTP requests by exploiting an SQL injection vulnerability.
CVE-2021-36184 has a severity rating of high (6.5).
CVE-2021-36184 can be exploited by an attacker to obtain sensitive information from the Fortinet FortiWLM device, users, and database.
Fortinet FortiWLM versions 8.6.1 and below are affected by CVE-2021-36184.
Fortinet has released a security advisory (FG-IR-21-107) with mitigation measures and updates to address the CVE-2021-36184 vulnerability.