An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Fortianalyzer | Fortinet | 6.2.0 (including) | 6.2.12 (including) |
Fortianalyzer | Fortinet | 6.4.0 (including) | 6.4.14 (including) |
Fortianalyzer | Fortinet | 7.0.0 (including) | 7.0.11 (including) |
Fortianalyzer | Fortinet | 7.2.0 (including) | 7.2.3 (including) |
Fortianalyzer | Fortinet | 7.4.0 (including) | 7.4.0 (including) |
Fortianalyzer | Fortinet | 7.4.1 (including) | 7.4.1 (including) |
Fortimanager | Fortinet | 6.2.0 (including) | 6.2.12 (including) |
Fortimanager | Fortinet | 6.4.0 (including) | 6.4.14 (including) |
Fortimanager | Fortinet | 7.0.0 (including) | 7.0.11 (including) |
Fortimanager | Fortinet | 7.2.0 (including) | 7.2.3 (including) |
Fortimanager | Fortinet | 7.4.0 (including) | 7.4.0 (including) |
Fortimanager | Fortinet | 7.4.1 (including) | 7.4.1 (including) |