An improper privilege management vulnerability [CWE-269] in the API of FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions may allow a remote, authenticated API admin user to access some system settings, such as the mail server settings, through the API via a stolen GUI session ID.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-22-522 | Vendor Advisory |
History
15 Sep 2023, 15:13
Type | Values Removed | Values Added |
---|---|---|
First Time | Fortinet fortianalyzer Fortinet fortimanager Fortinet | |
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* | |
References | (MISC) https://fortiguard.com/psirt/FG-IR-22-522 - Vendor Advisory | |
CVSS | v2 : v3 : | v2 : unknown v3 : 4.3 |
13 Sep 2023, 13:57
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-13 13:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-36638
Mitre link : CVE-2023-36638
CVE.ORG link : CVE-2023-36638
Products Affected
fortinet
- fortimanager
- fortianalyzer
CWE