Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-31493

An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP responses.

Published

2024-06-03T08:15:09.097

Last Modified

2025-01-21T21:49:55.390

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-212

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	fortinet	fortisoar	< 7.3.1	Yes

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-052 Vendor Advisory ([email protected])
https://fortiguard.fortinet.com/psirt/FG-IR-24-052 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)