Unauthorized Access to Sensitive Information via Crafted HTTP Requests
CVE-2024-33506
3.1LOW
Summary
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager 7.4.2 and below, 7.2.5 and below, 7.0.12 and below allows a remote authenticated attacker assigned to an Administrative Domain (ADOM) to access device summary of unauthorized ADOMs via crafted HTTP requests.
Affected Version(s)
FortiManager <= 7.4.2
FortiManager <= 7.2.5
FortiManager <= 7.0.12
Refferences
CVSS V3.1
Score:
3.1
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database