Potential Exposure of Sensitive Information Through Crafted HTTP or HTTPS Requests

CVE-2023-44255

3.9LOW

Key Information

Vendor: Fortinet
Status: Fortimanager; Fortianalyzer
Vendor: CVE Published:; 12 November 2024

Summary

An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP or HTTPs requests.

Affected Version(s)

FortiManager <= 7.4.2

FortiManager <= 7.2.5

FortiManager <= 7.0.13

CVSS V3.1

Score:

3.9

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published.
Nov 12, 2024
Vulnerability Reserved.
Sep 27, 2023

Collectors

NVD DatabaseMitre Database