CVE-2021-36170
published 2021-10-06CVE-2021-36170: An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker…
low3.2CVSS 3.1
AVLACLPRHUINSCCLINAN
An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortianalyzer | < 6.4.7 | 6.4.7 |
| fortinet | fortianalyzer | — | — |
| fortinet | fortianalyzer | 7.0.0 – 7.0.1 | — |
| fortinet | fortianalyzervm | — | — |
| fortinet | forticloud | — | — |
| fortinet | fortimanager | < 6.4.7 | 6.4.7 |
| fortinet | fortimanager | — | — |
| fortinet | fortimanager | >= 7.0.0 < 7.0.1 | 7.0.1 |
| fortinet | fortimanagervm | — | — |