Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-36509

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted passwords of other administrators via the "Log Access Event" logs page.

Published

2024-11-12T19:15:10.440

Last Modified

2024-11-14T20:33:44.727

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.2 (MEDIUM)

Weaknesses

Type: Primary
CWE-497

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	fortinet	fortiweb	< 7.4.4	Yes
Application	fortinet	fortiweb	7.6.0	Yes

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-180 Vendor Advisory ([email protected])