An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 up to and including 7.0.3, 6.4.0 up to and including 6.4.7, 6.2.0 up to and including 6.2.9, 6.0.0 up to and including 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 up to and including 7.0.3, 6.4.0 up to and including 6.4.8, 6.2.0 up to and including 6.2.10, 6.0.0 up to and including 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortimanager |
||
fortinet fortianalyzer |
||
fortinet fortimanager 7.2.0 |
||
fortinet fortianalyzer 7.2.0 |