Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
Fortinet FortiManager 安全漏洞
Vulnerability Description
Fortinet FortiManager是美国飞塔(Fortinet)公司的一套集中化网络安全管理平台。该平台支持集中管理任意数量的Fortinet设备,并能够将设备分组到不同的管理域(ADOM)进一步简化多设备安全部署与管理。 Fortinet FortiManager存在安全漏洞,该漏洞源于通过用户控制密钥,允许低权限的远程攻击者通过精心设计的 HTTP 请求读取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A