PT-2024-24119 · Fortinet · Fortisoar
Published: 2024-06-03 · Updated: 2025-01-21 · CVE-2024-31493
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
FortiSOAR versions 7.0.3 and below
FortiSOAR versions 7.2.2 and below
FortiSOAR version 7.3.0
Description
The issue allows an authenticated, low-privileged user to read Connector passwords in plaintext via HTTP responses, due to improper removal of sensitive information before storage or transfer.
Recommendations
For FortiSOAR versions 7.0.3 and below, update to a version that fixes the improper removal of sensitive information before storage or transfer.
For FortiSOAR versions 7.2.2 and below, update to a version that fixes the improper removal of sensitive information before storage or transfer.
For FortiSOAR version 7.3.0, update to a version that fixes the improper removal of sensitive information before storage or transfer.
Affected Products
Fortisoar