MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2021-22131

CVSS 6.4v3.1pub. 2022-07-18upd. 2024-11-21

A improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, Fortinet FortiTokenWinApp version 4.0.3 and below allows attacker to retrieve information disclosed via man-in-the-middle attacks.

CVSS Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H
  • Fortinet Fortitoken Mobile

    APP
    Fortinet
    0.4.100.4.203.0.03.0.13.0.23.0.33.0.43.0.54.0.04.0.14.0.34.1.04.1.14.2.04.2.1+ 7 więcej
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2026-44279MEDIUM5.5ten sam produkt

An improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versi...

CVE-2021-44166MEDIUM4.1ten sam produkt

An improper access control vulnerability [CWE-284 ] in FortiToken Mobile (Android) external push notification ...

CVE-2026-35616CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Fortinet FortiClientEMS — nieuwierzytelnione wykonanie kodu (Auth Bypass)

CVE-2026-21643CRITICAL9.8⚠ KEVPL ✓ten sam vendor

SQL Injection w Fortinet FortiClientEMS — nieautoryzowane wykonanie kodu

CVE-2026-24858CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach