CVE-2023-44255

Medium

An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2…

fortinet·CWE-359·Published 2024-11-12

CVSS

4.1

EPSS

0.01

KEV

Exploits

cve.orgen

316 chars

An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP or HTTPs requests.

NVDen

316 chars

NVDes

364 chars

Una exposición de información confidencial a un actor no autorizado [CWE-200] en Fortinet FortiManager anterior a 7.4.2, FortiAnalyzer anterior a 7.4.2 y FortiAnalyzer-BigData anterior a 7.2.5 puede permitir que un atacante privilegiado con permisos de lectura administrativos lea registros de eventos de otro adom a través de solicitudes HTTP o HTTPS manipuladas.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	4.1	2.3	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
3.1	Primary	cve.org	3.9	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N/E:P/RL:X/RC:C
3.1	Primary	cve.org	3.9	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N/E:P/RL:X/RC:C
3.1	Secondary	NVD	4.1	2.3	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N