What is CVE-2023-34991?

CVE-2023-34991 is a critical-severity vulnerability in Fortinet Fortiwlm, classified under SQL Injection. CVSS score: 9.3/10. Published 2023-11-14.

How severe is CVE-2023-34991?

Critical severity. CVSS v3 base score is 9.3 out of 10.

SQL Injection in Fortinet Fortiwlm

CVE-2023-34991

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to ex…

Vulnerability class: SQL Injection

EPSS: 0.098 (93.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.3 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X.

Affected products

Fortinet Fortiwlm — versions 8.6.0, 8.5.0, 8.4.0

Weakness classification (CWE)

CWE-89 — SQL Injection

References

https://fortiguard.com/psirt/FG-IR-23-142

Frequently asked questions

What is CVE-2023-34991?: CVE-2023-34991 is a critical-severity vulnerability in Fortinet Fortiwlm, classified under SQL Injection. CVSS score: 9.3/10. Published 2023-11-14.
How severe is CVE-2023-34991?: Critical severity. CVSS v3 base score is 9.3 out of 10.