CVE-2024-52966 — Sensitive Information Exposure in Fortinet Fortianalyzer

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

2.3LOWNVD

EPSS

0.0%

top 85.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortianalyzer

Timeline

PublishedFeb 11

Description

An exposure of sensitive information to an unauthorized actor in Fortinet FortiAnalyzer 6.4.0 through 7.6.0 allows attacker to cause information disclosure via filter manipulation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 0.8 | Impact: 1.4

Affected Packages2 packages

▶NVDfortinet/fortianalyzer6.4.0 — 7.2.8+2

▶CVEListV5fortinet/fortianalyzer7.4.0 — 7.4.4+4

🔴Vulnerability Details

GHSA

GHSA-hpjc-rrq5-mqv8: An exposure of sensitive information to an unauthorized actor in Fortinet FortiAnalyzer 6↗2025-02-11

▶

CVEList

CVE-2024-52966: An exposure of sensitive information to an unauthorized actor in Fortinet FortiAnalyzer 6↗2025-02-11

▶

📋Vendor Advisories

Fortinet

Disclosure of Logs of Devices not belonging to the Current ADOM from Log View↗2025-02-11

▶