PT-2024-5557 · Fortinet · Fortiaiops
Published: 2024-07-09 · Updated: 2026-01-09 · CVE-2024-27784
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
FortiAIOps version 2.0.0
Description
The issue concerns the exposure of sensitive information to unauthorized actors. An authenticated, remote attacker may retrieve sensitive information from the API endpoint or log files. This is related to a lack of protection for service data.
Recommendations
For FortiAIOps version 2.0.0, consider restricting access to the API endpoint and log files to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the privileges of authenticated users to reduce the potential impact of sensitive information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Insertion into Log File
Related Identifiers
Affected Products
Fortiaiops