CVE-2024-45323

An improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2 and 6.0 all versions may allow, in a shared environment context, an authenticated admin with REST API permissions in his profile and restricted to a specific organization to access backend logs that include information related to other organizations.
References
Configurations

Configuration 1

OR cpe:2.3:a:fortinet:fortiedrmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiedrmanager:6.0.1:*:*:*:*:*:*:*

History

20 Sep 2024, 16:23

Type | Values Removed | Values Added
Summary | | (es) An improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow, in a shared environment context, an authenticated administrator with REST API permissions in their profile and restricted to a specific organization to access backend logs that include information related to other organizations.
First Time | | Fortinet fortiedrmanager, Fortinet
CPE | | cpe:2.3:a:fortinet:fortiedrmanager:*:*:*:*:*:*:*:*, cpe:2.3:a:fortinet:fortiedrmanager:6.0.1:*:*:*:*:*:*:*
CWE | | NVD-CWE-Other
CVSS | v2 : unknown, v3 : 4.3 | v2 : unknown, v3 : 2.7
References | () https://fortiguard.fortinet.com/psirt/FG-IR-24-371 - | () https://fortiguard.fortinet.com/psirt/FG-IR-24-371 - Vendor Advisory

10 Sep 2024, 15:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-09-10 15:15

Updated : 2024-09-20 16:23


NVD link : CVE-2024-45323

Mitre link : CVE-2024-45323

CVE.ORG link : CVE-2024-45323


Products Affected

fortinet

  • fortiedrmanager
CWE
NVD-CWE-Other CWE-284

Improper Access Control