Admin Access to Backend Logs of Other Organizations via REST API

CVE-2024-45323

2.7LOW

Key Information

Vendor
Fortinet
Status
Fortiedr Manager
Vendor
CVE Published:
10 September 2024

Summary

An improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permissions in his profile and restricted to a specific organization to access backend logs that include information related to other organizations.

Affected Version(s)

FortiEDR Manager <= 6.2.1

FortiEDR Manager = 6.0.1

Refferences

CVSS V3.1

Score:
2.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.