Описание
An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.0.0 (включая)Версия до 6.0.0 (включая)
Одно из
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00204
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-732
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content.
EPSS
Процентиль: 42%
0.00204
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-732