How severe is CVE-2024-36509?

CVE-2024-36509 has a CVSS v3 score of 4.2 (MEDIUM).

CVE-2024-36509

Name: fortiweb
Author: fortinet

4.2MEDIUM

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and b

Опубликовано: 11/12/2024Обновлено: 11/14/2024

Описание

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted passwords of other administrators via the "Log Access Event" logs page.

ИИ-АнализНа базе ИИ

Затронутые продукты

fortinetfortiweb

7.6.0

Ссылки

https://fortiguard.fortinet.com/psirt/FG-IR-24-180
Vendor Advisory