PT-2024-27040 · Fortinet · FortiWeb
Published: 2024-11-12 · Updated: 2024-11-14 · CVE-2024-36509
CVSS v3.1: 4.4 (Medium)
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
FortiWeb versions 6.3.23 and below
FortiWeb versions 7.0.10 and below
FortiWeb versions 7.2.10 and below
FortiWeb versions 7.4.3 and below
FortiWeb version 7.6.0
Description
The issue allows an authenticated attacker to access the encrypted passwords of other administrators via the "Log Access Event" logs page. The root cause is an exposure of sensitive system information to an unauthorized control sphere: the log view discloses credential material belonging to administrator accounts other than the viewer's own. Consistent with the CVSS vector (AV:L, PR:H), exploitation requires an existing high-privilege account, which is why the severity is rated Medium despite the high confidentiality impact (C:H).
Recommendations
For FortiWeb versions 6.3.23 and below, update to a version above 6.3.23 to resolve the issue.
For FortiWeb versions 7.0.10 and below, update to a version above 7.0.10 to resolve the issue.
For FortiWeb versions 7.2.10 and below, update to a version above 7.2.10 to resolve the issue.
For FortiWeb versions 7.4.3 and below, update to a version above 7.4.3 to resolve the issue.
For FortiWeb version 7.6.0, update to a version above 7.6.0 to resolve the issue.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
FortiWeb