CVE-2024-47570: An insertion of sensitive information into log file vulnerability [CWE-532] in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0 all versions; FortiProxy…

medium6.6CVSS 3.1

AVNACHPRHUINSUCHIHAH

An insertion of sensitive information into log file vulnerability [CWE-532] in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0 all versions; FortiProxy 7.4.0 through 7.4.3, 7.2.0 through 7.2.11; FortiPAM 1.4 all versions, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions and FortiSRA 1.4 all versions may allow a read-only administrator to retrieve API tokens of other administrators via observing REST API logs, if REST API logging is enabled (non-default configuration).

Affected

22 ranges

Vendor	Product	Version range	Fixed in
fortinet	fortios	—	—
fortinet	fortios	7.0.4 – 7.0.17	—
fortinet	fortios	>= 7.2.0 < 7.2.8	7.2.8
fortinet	fortios	7.2.0 – 7.2.7	—
fortinet	fortios	>= 7.4.0 < 7.4.4	7.4.4
fortinet	fortios	7.4.0 – 7.4.3	—
fortinet	fortipam	—	—
fortinet	fortipam	—	—
fortinet	fortipam	1.0.0 – 1.4.3	—
fortinet	fortipam	1.1.0 – 1.1.2	—
fortinet	fortipam	1.3.0 – 1.3.1	—
fortinet	fortipam	1.4.0 – 1.4.3	—
fortinet	fortiproxy	—	—
fortinet	fortiproxy	>= 7.2.0 < 7.2.12	7.2.12
fortinet	fortiproxy	7.2.0 – 7.2.11	—
fortinet	fortiproxy	>= 7.4.0 < 7.4.4	7.4.4
fortinet	fortiproxy	7.4.0 – 7.4.3	—
fortinet	fortisase	—	—
fortinet	fortisase	—	—
fortinet	fortisase	—	—
fortinet	fortisra	—	—
fortinet	fortisra	1.4.0 – 1.4.3	—