CVE-2024-45323

Summary

An improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permissions in his profile and restricted to a specific organization to access backend logs that include information related to other organizations.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiEDR Manager6.2.0 <= 6.2.1affected
FortinetFortiEDR Manager6.0.1affected

Weaknesses

  • CWE-284: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References