exploitDog

CVE-2024-31493

Опубликовано: 03 июн. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP responses.

Ссылки

https://fortiguard.fortinet.com/psirt/FG-IR-24-052
Vendor Advisory
https://fortiguard.fortinet.com/psirt/FG-IR-24-052
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*

Версия от 7.0.0 (включая) до 7.3.1 (исключая)

EPSS

Процентиль: 64%

0.00465

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-212

Связанные уязвимости

GHSA-qfm4-frr3-p3ph

CVSS3: 6.5

github

больше 1 года назад

An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP responses.

EPSS

Процентиль: 64%

0.00465

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-212