PT-2025-50108 · Fortinet · FortiSRA +3
Published: 2025-12-09 · Updated: 2025-12-10 · CVE-2024-47570
CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
FortiOS versions 7.0 through 7.4.3
FortiProxy versions 7.2.0 through 7.4.3
FortiPAM versions 1.0 through 1.4
FortiSRA version 1.4
Description
Sensitive information can be written to log files. Specifically, a read-only administrator may be able to obtain API tokens belonging to other administrators by examining REST API logs, provided REST API logging is enabled. The affected component is the REST API logs, and the vulnerable parameter is the API token.
Recommendations
FortiOS versions prior to 7.4.4
FortiProxy versions prior to 7.2.12
FortiPAM versions prior to 1.5
FortiSRA versions prior to 1.5
Fix
Insertion into Log File
Weakness Enumeration
Related Identifiers
Affected Products
FortiOS
FortiPAM
FortiProxy
FortiSRA