CVE-2018-1354 | THREATINT

Description

An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content.

PUBLISHED Reserved 2017-12-11 | Published 2018-06-27 | Updated 2024-10-25 | Assigner fortinet

Problem types

Improper Access Control

Product status

FortiManager 6.0.0, 5.6.5 and below versions

affected

FortiAnalyzer 6.0.0, 5.6.5 and below versions

affected

References

www.securitytracker.com/id/1041183 (1041183) vdb-entry

fortiguard.com/advisory/FG-IR-18-014

www.securitytracker.com/id/1041182 (1041182) vdb-entry

www.securityfocus.com/bid/104537 (104537) vdb-entry

www.securitytracker.com/id/1041183 (1041183) vdb-entry

fortiguard.com/advisory/FG-IR-18-014

www.securitytracker.com/id/1041182 (1041182) vdb-entry

www.securityfocus.com/bid/104537 (104537) vdb-entry

cve.org (CVE-2018-1354)

nvd.nist.gov (CVE-2018-1354)

Download JSON

help @ threatint.eu