Sensitive Information Exposure in Fortinet's FortiAIOps Product
CVE-2024-27784

6.5MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiaiops
Vendor: CVE Published:; 9 July 2024

What is CVE-2024-27784?

Fortinet's FortiAIOps version 2.0.0 is susceptible to vulnerabilities that may lead to the exposure of sensitive information to unauthorized actors. An authenticated remote attacker could exploit these weaknesses to retrieve confidential data from API endpoints or log files, posing a significant risk to data security and privacy.

Affected Version(s)

FortiAIOps 2.0.0

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-072

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2024