An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4 and 6.4.0 through 6.4.10 may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzer
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-22-447 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2023-03-07T16:04:45.915Z
Updated: 2024-08-02T10:42:25.914Z
Reserved: 2023-01-18T08:30:21.307Z
Link: CVE-2023-23776
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-03-07T17:15:12.630
Modified: 2023-11-07T04:07:56.713
Link: CVE-2023-23776
Redhat
No data.