An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-20-143 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2022-11-25T15:47:41.422Z
Updated: 2024-08-03T10:54:03.674Z
Reserved: 2022-08-16T14:17:48.479Z
Link: CVE-2022-38377
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-11-25T16:15:10.747
Modified: 2023-11-07T03:50:06.800
Link: CVE-2022-38377
Redhat
No data.