An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote, authenticated admin user assigned to a specific ADOM to access other ADOMs' information, such as device information and dashboard information.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-20-143 | Patch Vendor Advisory |
Configurations
Configuration 1
History
01 Dec 2022, 13:28
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown; v3 : 2.7 |
References | (MISC) https://fortiguard.com/psirt/FG-IR-20-143 - Patch, Vendor Advisory | |
CWE | NVD-CWE-Other | |
CPE | cpe:2.3:a:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:* |
25 Nov 2022, 18:42
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-25 16:15
Updated : 2024-02-04 23:14
NVD link : CVE-2022-38377
Mitre link : CVE-2022-38377
CVE.ORG link : CVE-2022-38377
Products Affected
fortinet
- fortianalyzer
- fortimanager
CWE