How severe is CVE-2021-43074?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2021-43074?

This is classified as CWE-347, which is a common weakness in software security.

CVE-2021-43074 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and below, 6.2 all versions, 6.0 all versions; FortiProxy 7.0.1 and below, 2.0.7 and below, 1.2 all versions, 1.1 all versions, 1.0 all versions may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter.

Related Vulnerabilities

CVE-2019-10136

MEDIUM

CVSS:4.3(Medium)

It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around,...

CWE-3472019

CVE-2020-36843

MEDIUM

CVSS:4.3(Medium)

The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Atta...

CWE-3472020

CVE-2021-23992

MEDIUM

CVSS:4.3(Medium)

Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user ID...

CWE-3472021

CVE-2023-1204

MEDIUM

CVSS:4.3(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A...

CWE-3472023

CVE-2023-41037

MEDIUM

CVSS:4.3(Medium)

OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable withou...

CWE-3472023

CVE-2025-43903

MEDIUM

CVSS:4.3(Medium)

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.

CWE-3472025