An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information.
2022-11-25T16:15:10.747
2024-11-21T07:16:21.223
Modified
CVSSv3.1: 4.3 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | fortinet | fortianalyzer | ≤ 6.0.12 | Yes |
| Application | fortinet | fortianalyzer | ≤ 6.2.10 | Yes |
| Application | fortinet | fortianalyzer | ≤ 6.4.8 | Yes |
| Application | fortinet | fortianalyzer | ≤ 7.0.3 | Yes |
| Application | fortinet | fortianalyzer | 7.2.0 | Yes |
| Application | fortinet | fortimanager | ≤ 6.0.11 | Yes |
| Application | fortinet | fortimanager | ≤ 6.2.9 | Yes |
| Application | fortinet | fortimanager | ≤ 6.4.7 | Yes |
| Application | fortinet | fortimanager | ≤ 7.0.3 | Yes |
| Application | fortinet | fortimanager | 7.2.0 | Yes |