Admin Access to Backend Logs of Other Organizations via REST API
CVE-2024-45323
2.7LOW
Summary
An improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permissions in his profile and restricted to a specific organization to access backend logs that include information related to other organizations.
Affected Version(s)
FortiEDR Manager <= 6.2.1
FortiEDR Manager = 6.0.1
Refferences
CVSS V3.1
Score:
2.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database