An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 up to and including 7.4.1 and prior to 7.2.5, FortiAnalyzer version 7.4.0 up to and including 7.4.1 and prior to 7.2.5 and FortiAnalyzer-BigData prior to 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortianalyzer |
||
fortinet fortimanager |
||
fortinet fortianalyzer 7.4.0 |
||
fortinet fortimanager 7.4.0 |
||
fortinet fortimanager 7.4.1 |
||
fortinet fortianalyzer 7.4.1 |