Description
An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP or HTTPs requests.
Problem types
Product status
7.4.0 (semver)
7.2.0 (semver)
7.0.0 (semver)
6.4.0 (semver)
6.2.0 (semver)
7.4.0 (semver)
7.2.0 (semver)
7.0.0 (semver)
6.4.0 (semver)
6.2.0 (semver)
References
fortiguard.fortinet.com/psirt/FG-IR-23-267
