Home
LOW: 3.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N/E:P/RL:X/RC:CDefault status
unaffected
7.4.0 (semver)
affected
7.2.0 (semver)
affected
7.0.0 (semver)
affected
6.4.0 (semver)
affected
6.2.0 (semver)
affected
Default status
unaffected
7.4.0 (semver)
affected
7.2.0 (semver)
affected
7.0.0 (semver)
affected
6.4.0 (semver)
affected
6.2.0 (semver)
affected
Description
An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP or HTTPs requests.
Problem types
Product status
7.4.0 (semver)
7.2.0 (semver)
7.0.0 (semver)
6.4.0 (semver)
6.2.0 (semver)
7.4.0 (semver)
7.2.0 (semver)
7.0.0 (semver)
6.4.0 (semver)
6.2.0 (semver)
References
fortiguard.fortinet.com/psirt/FG-IR-23-267
Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.
