Описание
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted passwords of other administrators via the "Log Access Event" logs page.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
4.2 Medium
CVSS3
4.4 Medium
CVSS3
Дефекты
Связанные уязвимости
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted passwords of other administrators via the "Log Access Event" logs page.
EPSS
4.2 Medium
CVSS3
4.4 Medium
CVSS3