Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
Fortinet FortiIsolator 访问控制错误漏洞
Vulnerability Description
Fortinet FortiIsolator是美国飞塔(Fortinet)公司的一个为浏览器提供远程安全隔离功能的应用。该应用为Fortinet Security Fabric添加了额外的高级威胁防护功能,并保护关键业务数据免受网络上复杂威胁的侵害。来自Web的内容和文件在远程容器中访问,然后将无风险的内容呈现给用户。 Fortinet FortiIsolator 2.4.4版本、2.4.3版本、2.3所有版本存在访问控制错误漏洞,该漏洞源于日志组件访问控制不当,可能导致远程认证只读攻击者通过特制HTTP
CVSS Information
N/A
Vulnerability Type
N/A