CVE-2023-36551

CWE-200 — Information Exposure4 documents4 sources

Severity

5.3MEDIUM

EPSS

0.5%

top 35.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortisiem

Timeline

PublishedSep 13

Description

A exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.5 allows attacker to information disclosure via a crafted http request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDfortinet/fortisiem6.7.0 — 6.7.6

▶CVEListV5fortinet/fortisiem6.7.0 — 6.7.5

🔴Vulnerability Details

GHSA

GHSA-7v7p-63mf-332c: A exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6↗2023-09-13

▶

CVEList

CVE-2023-36551: A exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6↗2023-09-13

▶

📋Vendor Advisories

Fortinet

A exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.5 allows at...↗2023-09-13

▶