exploitDog

GHSA-4c39-5qhc-788c

Опубликовано: 15 фев. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 5

Описание

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests.

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests.

Ссылки

EPSS

Процентиль: 55%

0.0033

Низкий

5 Medium

CVSS3

CVE ID

Дефекты

CWE-200

Связанные уязвимости

CVE-2023-44253

CVSS3: 5

nvd

почти 2 года назад

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests.

BDU:2024-01456

CVSS3: 5

fstec

почти 2 года назад

Уязвимость программного средства централизованного управления устройствами Fortinet FortiManager и средств отслеживания и анализа событий безопасности FortiAnalyzer и FortiAnalyzer-BigData, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 55%

0.0033

Низкий

5 Medium

CVSS3

CVE ID

Дефекты

CWE-200