How severe is CVE-2024-36509?

CVE-2024-36509 has a CVSS v3 score of 4.2 (MEDIUM).

CVE-2024-36509

Name: fortiweb
Author: fortinet

4.2MEDIUM

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and b

Veröffentlicht: 11/12/2024Aktualisiert: 11/14/2024

Beschreibung

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted passwords of other administrators via the "Log Access Event" logs page.

KI-AnalyseKI-gestützt

Betroffene Produkte

fortinetfortiweb

7.6.0

Referenzen

https://fortiguard.fortinet.com/psirt/FG-IR-24-180
Vendor Advisory