An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote, authenticated admin user assigned to a specific ADOM to access other ADOMs' information, such as device information and dashboard information.
References
| Link | Resource |
|---|---|
| https://fortiguard.com/psirt/FG-IR-20-143 | Patch, Vendor Advisory |
Information
Published : 2022-11-25 08:15
Updated : 2022-12-01 05:28
NVD link : CVE-2022-38377
Mitre link : CVE-2022-38377
Products Affected
fortinet
- fortianalyzer
- fortimanager