Home

Description

An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext.

PUBLISHED Reserved 2021-07-06 | Published 2021-10-06 | Updated 2024-10-25 | Assigner fortinet




LOW: 3.2CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C

Problem types

Information disclosure

Product status

FortiManager 7.0.0, 6.4.6; FortiAnalyzer 7.0.0, 6.4.6
affected

References

fortiguard.com/advisory/FG-IR-21-112

fortiguard.com/advisory/FG-IR-21-112

cve.org (CVE-2021-36170)

nvd.nist.gov (CVE-2021-36170)

Download JSON