Home
MEDIUM: 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:CDefault status
unaffected
7.0.0 (semver)
affected
Default status
unaffected
7.6.0
affected
7.4.0 (semver)
affected
7.2.0 (semver)
affected
7.1.0 (semver)
affected
7.0.0 (semver)
affected
Description
An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at least read-only permission on system maintenance to access backup information via crafted HTTP requests
Problem types
Product status
7.0.0 (semver)
7.6.0
7.4.0 (semver)
7.2.0 (semver)
7.1.0 (semver)
7.0.0 (semver)
References
fortiguard.fortinet.com/psirt/FG-IR-26-124