CVE-2023-44254
published 2024-09-10
medium 6.5 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortianalyzer | — | — |
| fortinet | fortianalyzer | — | — |
| fortinet | fortianalyzer | >= 6.2.0 < 7.2.5 | 7.2.5 |
| fortinet | fortianalyzer | 6.2.0 – 6.2.12 | — |
| fortinet | fortianalyzer | 6.4.0 – 6.4.14 | — |
| fortinet | fortianalyzer | 7.0.0 – 7.0.12 | — |
| fortinet | fortianalyzer | 7.2.0 – 7.2.4 | — |
| fortinet | fortianalyzer_big_data | 7.2.0 – 7.2.5 | — |
| fortinet | fortianalyzerbigdata | — | — |
| fortinet | fortimanager | — | — |
| fortinet | fortimanager | — | — |
| fortinet | fortimanager | >= 6.2.0 < 7.2.5 | 7.2.5 |
| fortinet | fortimanager | 6.2.0 – 6.2.12 | — |
| fortinet | fortimanager | 6.4.0 – 6.4.14 | — |
| fortinet | fortimanager | 7.0.0 – 7.0.12 | — |
| fortinet | fortimanager | 7.2.0 – 7.2.4 | — |