Unrated severity · NVD Advisory · Published Nov 25, 2022 · Updated Oct 22, 2024
CVE-2022-38377
Description
An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote, authenticated admin user assigned to a specific ADOM to access other ADOMs' information, such as device information and dashboard information.
Affected products
FortiAnalyzer: 7.2.0, 7.0.0-7.0.3, 6.4.0-6.4.8, 6.2.0-6.2.10, 6.0.0-6.0.12
- (no CPE) range: 7.2.0, 7.0.0-7.0.3, 6.4.0-6.4.8, 6.2.0-6.2.10, 6.0.0-6.0.12
- (no CPE) range: 7.2.0
FortiManager: 7.2.0, 7.0.0-7.0.3, 6.4.0-6.4.7, 6.2.0-6.2.9, 6.0.0-6.0.11
- (no CPE) range: 7.2.0, 7.0.0-7.0.3, 6.4.0-6.4.7, 6.2.0-6.2.9, 6.0.0-6.0.11
- (no CPE) range: 7.2.0