{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-34991", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2023-06-09T06:59:37.970Z", "datePublished": "2023-11-14T18:07:32.529Z", "dateUpdated": "2025-12-16T18:23:21.749Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiWLM", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "8.6.0", "lessThanOrEqual": "8.6.5", "status": "affected"}, {"versionType": "semver", "version": "8.5.0", "lessThanOrEqual": "8.5.4", "status": "affected"}, {"versionType": "semver", "version": "8.4.0", "lessThanOrEqual": "8.4.2", "status": "affected"}, {"versionType": "semver", "version": "8.3.0", "lessThanOrEqual": "8.3.2", "status": "affected"}, {"version": "8.2.2", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http request."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2023-11-14T18:07:32.529Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-89", "description": "Execute unauthorized code or commands", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiWLM version 8.6.6 or above \nPlease upgrade to FortiWLM version 8.5.5 or above \n"}], "references": [{"name": "https://fortiguard.com/psirt/FG-IR-23-142", "url": "https://fortiguard.com/psirt/FG-IR-23-142"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:17:04.270Z"}, "title": "CVE Program Container", "references": [{"name": "https://fortiguard.com/psirt/FG-IR-23-142", "url": "https://fortiguard.com/psirt/FG-IR-23-142", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-34991", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-15T14:59:14.045632Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-16T18:23:21.749Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-23-142", "name": "https://fortiguard.com/psirt/FG-IR-23-142", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:17:04.270Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-34991", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-15T14:59:14.045632Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T20:51:48.813Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Fortinet", "product": "FortiWLM", "versions": [{"status": "affected", "version": "8.6.0", "versionType": "semver", "lessThanOrEqual": "8.6.5"}, {"status": "affected", "version": "8.5.0", "versionType": "semver", "lessThanOrEqual": "8.5.4"}, {"status": "affected", "version": "8.4.0", "versionType": "semver", "lessThanOrEqual": "8.4.2"}, {"status": "affected", "version": "8.3.0", "versionType": "semver", "lessThanOrEqual": "8.3.2"}, {"status": "affected", "version": "8.2.2"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiWLM version 8.6.6 or above \nPlease upgrade to FortiWLM version 8.5.5 or above \n"}], "references": [{"url": "https://fortiguard.com/psirt/FG-IR-23-142", "name": "https://fortiguard.com/psirt/FG-IR-23-142"}], "descriptions": [{"lang": "en", "value": "A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http request."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "Execute unauthorized code or commands"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2023-11-14T18:07:32.529Z"}}}, "cveMetadata": {"cveId": "CVE-2023-34991", "state": "PUBLISHED", "dateUpdated": "2025-12-16T18:23:21.749Z", "dateReserved": "2023-06-09T06:59:37.970Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2023-11-14T18:07:32.529Z", "assignerShortName": "fortinet"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiwlm:*:*:*:*:*:*:*:*", "matchCriteriaId": "929F1380-4410-466D-9203-62414DC7A39E", "versionEndIncluding": "8.5.4", "versionStartIncluding": "8.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiwlm:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCEDF5B8-C922-48DD-926D-788A53ACD684", "versionEndIncluding": "8.6.5", "versionStartIncluding": "8.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiwlm:8.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A2DBECF3-69BD-4622-B0B3-1F0552CBB3E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiwlm:8.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1A60E7E2-8A10-4C69-A86C-2D680C5E056A", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiwlm:8.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "F831179F-EC2D-4B8A-B433-CA395C1FEDA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiwlm:8.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "F036687E-4682-4773-9A28-33B9DB40C976", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiwlm:8.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "22C854E0-5DD1-4EB6-8F84-243067C27AE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiwlm:8.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "60787CAF-DF95-4691-A3C5-4A1A517DD146", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiwlm:8.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9771B20-5C37-41ED-9DD9-19DCE1FD0F6B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http request."}, {"lang": "es", "value": "Una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando sql (\"inyecci\u00f3n sql\") en Fortinet FortiWLM versi\u00f3n 8.6.0 a 8.6.5 y 8.5.0 a 8.5.4 y 8.4.0 a 8.4.2 y 8.3.0 a 8.3 .2 y 8.2.2 permiten a un atacante ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de una solicitud http manipuladas."}], "id": "CVE-2023-34991", "lastModified": "2024-11-21T08:07:47.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-14T18:15:30.443", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-23-142"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-23-142"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "psirt@fortinet.com", "type": "Secondary"}]}

{}

{}