CVE-2023-44255 | THREATINT

Description

An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP or HTTPs requests.

Reserved 2023-09-27 | Published 2024-11-12 | Updated 2024-11-13 | Assigner fortinet

LOW: 3.9CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N/E:P/RL:X/RC:C

Problem types

Information disclosure

Product status

Default status

unaffected

7.4.0

affected

7.2.0

affected

7.0.0

affected

6.4.0

affected

6.2.0

affected

Default status

unaffected

7.4.0

affected

7.2.0

affected

7.0.0

affected

6.4.0

affected

6.2.0

affected

References

fortiguard.fortinet.com/psirt/FG-IR-23-267

cve.org (CVE-2023-44255)

nvd.nist.gov (CVE-2023-44255)

Download JSON

https://cve.threatint.eu/CVE/CVE-2023-44255