CVE-2023-36638
CVSS V2 None
CVSS V3 None
Description
An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions API may allow a remote and authenticated API admin user to access some system settings such as the mail server settings through the API via a stolen GUI session ID.
Overview
- CVE ID
- CVE-2023-36638
- Assigner
- fortinet
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-09-13T12:29:36.809Z
- Last Modified Date
- 2023-09-13T12:29:36.809Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://fortiguard.com/psirt/FG-IR-22-522 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-36638 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36638 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 16:55:55 | Added to TrackCVE |