Potential Exposure of Sensitive Information Through Crafted HTTP or HTTPS Requests
CVE-2023-44255
What is CVE-2023-44255?
In Fortinet FortiManager prior to version 7.4.2, FortiAnalyzer prior to version 7.4.2, and FortiAnalyzer-BigData prior to version 7.2.5, an exposure of sensitive information allows a privileged attacker with administrative read permissions to potentially access event logs pertaining to another Administrative Domain (ADOM) through specially crafted HTTP or HTTPS requests. This flaw highlights the importance of securing event log access and ensuring that sensitive information remains isolated within configured administrative boundaries.

Affected Version(s)
FortiAnalyzer 7.4.0 <= 7.4.2
FortiAnalyzer 7.2.0 <= 7.2.3
FortiAnalyzer 7.0.0 <= 7.0.13