PT-2025-6264 · Fortinet · FortiAnalyzer

Published 2025-02-11 · Updated 2025-02-13 · CVE-2024-52966

CVSS v3.1: 2.3 (Low)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Fortinet FortiAnalyzer versions 6.4.0 through 7.6.0
Description: The issue allows an unauthorized actor to cause information disclosure via filter manipulation, potentially leading to the exposure of sensitive information. This is related to insufficient protection of service data in the Log View component of FortiAnalyzer, which could enable an attacker to read event logs from another domain.
Recommendations: For Fortinet FortiAnalyzer versions 6.4.0 through 7.6.0, consider restricting access to the Log View component as a temporary workaround until a patch is available. Additionally, review filter configurations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2025-01605
CVE-2024-52966

Affected Products

FortiAnalyzer