PT-2022-5788 · Fortinet · Fortianalyzer+1

Published: 2022-08-16 · Updated: 2022-12-01 · CVE-2022-38377

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FortiManager versions 6.0.0 through 6.0.11
FortiManager versions 6.2.0 through 6.2.9
FortiManager versions 6.4.0 through 6.4.7
FortiManager versions 7.0.0 through 7.0.3
FortiManager version 7.2.0
FortiAnalyzer versions 6.0.0 through 6.0.12
FortiAnalyzer versions 6.2.0 through 6.2.10
FortiAnalyzer versions 6.4.0 through 6.4.8
FortiAnalyzer versions 7.0.0 through 7.0.3
FortiAnalyzer version 7.2.0

Description

An improper access control issue may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs' information, such as device information and dashboard information.

Recommendations

For FortiManager versions 6.0.0 through 6.0.11, update to a fixed version to resolve the issue.
For FortiManager versions 6.2.0 through 6.2.9, update to a fixed version to resolve the issue.
For FortiManager versions 6.4.0 through 6.4.7, update to a fixed version to resolve the issue.
For FortiManager versions 7.0.0 through 7.0.3, update to a fixed version to resolve the issue.
For FortiManager version 7.2.0, update to a fixed version to resolve the issue.
For FortiAnalyzer versions 6.0.0 through 6.0.12, update to a fixed version to resolve the issue.
For FortiAnalyzer versions 6.2.0 through 6.2.10, update to a fixed version to resolve the issue.
For FortiAnalyzer versions 6.4.0 through 6.4.8, update to a fixed version to resolve the issue.
For FortiAnalyzer versions 7.0.0 through 7.0.3, update to a fixed version to resolve the issue.
For FortiAnalyzer version 7.2.0, update to a fixed version to resolve the issue.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2022-07188
CVE-2022-38377

Affected Products

Fortianalyzer
Fortimanager