CVE-2024-36509

MEDIUM Year: 2024
CVSS v3 Score
4.4
Medium
Weakness Type
CWE-497
View all →

Vulnerability Description

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted passwords of other administrators via the "Log Access Event" logs page.

Related Vulnerabilities

CVE-2022-20734

MEDIUM
CVSS:4.4(Medium)

A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system...

CWE-4972022

CVE-2024-53683

MEDIUM
CVSS:4.4(Medium)

A valid set of credentials in a .js file and a static token for communication were obtained from the decompiled IPA. An attacker could use the information to disrupt normal use of the application by c...

CWE-4972024

CVE-2023-34209

MEDIUM
CVSS:4.3(Medium)

Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to obtain the ab...

CWE-4972023

CVE-2024-31419

MEDIUM
CVSS:4.3(Medium)

An information disclosure flaw was found in OpenShift Virtualization. The DownwardMetrics feature was introduced to expose host metrics to virtual machine guests and is enabled by default. This issue ...

CWE-4972024

CVE-2024-37070

MEDIUM
CVSS:4.3(Medium)

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.

CWE-4972024

CVE-2024-40706

MEDIUM
CVSS:4.3(Medium)

IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system.

CWE-4972024