An improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permissions in his profile and restricted to a specific organization to access backend logs that include information related to other organizations.
References
Link | Resource |
---|---|
https://fortiguard.fortinet.com/psirt/FG-IR-24-371 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
20 Sep 2024, 16:23
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
First Time |
Fortinet fortiedrmanager
Fortinet |
|
CPE | cpe:2.3:a:fortinet:fortiedrmanager:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiedrmanager:6.0.1:*:*:*:*:*:*:* |
|
CWE | NVD-CWE-Other | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 2.7 |
References | () https://fortiguard.fortinet.com/psirt/FG-IR-24-371 - Vendor Advisory |
10 Sep 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-10 15:15
Updated : 2024-09-20 16:23
NVD link : CVE-2024-45323
Mitre link : CVE-2024-45323
CVE.ORG link : CVE-2024-45323
JSON object : View
Products Affected
fortinet
- fortiedrmanager
CWE