Vulnerabilities > CVE-2024-45323 - Unspecified vulnerability in Fortinet Fortiedrmanager 6.0.1

CVSS 2.7 - LOW

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

fortinet

NVD

Published: 2024-09-10

Updated: 2024-09-20

Summary

An improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permissions in his profile and restricted to a specific organization to access backend logs that include information related to other organizations.

Vulnerable Configurations

Part	Description	Count
Application	Fortinet Fortinet Fortiedrmanager * Fortinet Fortiedrmanager 6.0.1	2

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-371