An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request.
References
History

Thu, 12 Dec 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Fortinet fortianalyzer Big Data
CPEs cpe:2.3:a:fortinet:fortianalyzer-bigdata:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortianalyzer_big_data:*:*:*:*:*:*:*:*
Vendors & Products Fortinet fortianalyzer-bigdata
Fortinet fortianalyzer Big Data

Wed, 25 Sep 2024 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Fortinet fortianalyzer-bigdata
CPEs cpe:2.3:a:fortinet:fortianalyzer-bigdata:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
Vendors & Products Fortinet fortianalyzer-bigdata

Tue, 10 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 10 Sep 2024 14:45:00 +0000

Type Values Removed Values Added
Description An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request.
First Time appeared Fortinet
Fortinet fortianalyzer
Fortinet fortimanager
Weaknesses CWE-639
CPEs cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
Vendors & Products Fortinet
Fortinet fortianalyzer
Fortinet fortimanager
References
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:P/RL:X/RC:X'}


cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2024-09-10T14:37:45.294Z

Updated: 2024-09-10T17:13:19.223Z

Reserved: 2023-09-27T12:26:48.750Z

Link: CVE-2023-44254

cve-icon Vulnrichment

Updated: 2024-09-10T17:13:15.602Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-10T15:15:14.173

Modified: 2024-12-12T13:56:07.013

Link: CVE-2023-44254

cve-icon Redhat

No data.