Admin Access to Backend Logs of Other Organizations via REST API
CVE-2024-45323

2.7LOW

Key Information:

Vendor: Fortinet
Status: Fortiedr Manager
Vendor: CVE Published:; 10 September 2024

What is CVE-2024-45323?

An improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permissions in his profile and restricted to a specific organization to access backend logs that include information related to other organizations.

Affected Version(s)

FortiEDR Manager 6.2.0 <= 6.2.1

FortiEDR Manager 6.0.1

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-371

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2024
Vulnerability Reserved
Aug 27, 2024

Fortinet

What is CVE-2024-45323?

Affected Version(s)

References

CVSS V3.1

Timeline