CVE-2024-31493

CWE-2124 documents4 sources
Severity
6.5MEDIUM
EPSS
0.6%
top 30.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortisoar
Timeline
PublishedJun 3

Description

An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP responses.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDfortinet/fortisoar7.0.07.3.1
CVEListV5fortinet/fortisoar7.2.07.2.2+2

🔴Vulnerability Details

2
CVEList
CVE-2024-31493: An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 72024-06-03
GHSA
GHSA-qfm4-frr3-p3ph: An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 72024-06-03

📋Vendor Advisories

1
Fortinet
An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3...2024-06-03
CVE-2024-31493 (MEDIUM CVSS 6.5) | An improper removal of sensitive in | cvebase.io