admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-236xx/CVE-2024-23665.json
cad-safe-bot b18b1b8d01 Auto-Update: 2024-12-17T17:00:37.496493+00:00
2024-12-17 17:04:01 +00:00

147 lines
4.7 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-23665",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-06-03T10:15:12.870",
"lastModified": "2024-12-17T16:43:37.527",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb version 7.4.2 and below, version 7.2.7 and below, version 7.0.10 and below, version 6.4.3 and below, version 6.3.23 and below may allow an authenticated attacker to perform unauthorized ADOM operations via crafted requests."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de autorizaci\u00f3n inadecuada [CWE-285] en FortiWeb versi\u00f3n 7.4.2 y anteriores, versi\u00f3n 7.2.7 y siguientes, versi\u00f3n 7.0.10 y siguientes, versi\u00f3n 6.4.3 y siguientes, versi\u00f3n 6.3.23 y siguientes pueden permitir un atacante autenticado para realizar operaciones ADOM no autorizadas a trav\u00e9s de solicitudes manipuladas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 4.2
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3.0",
"versionEndIncluding": "6.3.23",
"matchCriteriaId": "29BAA789-62A7-4040-B6F7-8E70FFBA0399"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndIncluding": "6.4.3",
"matchCriteriaId": "AF5ED7B3-39F3-49FD-82D9-72CAB2D68636"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.10",
"matchCriteriaId": "744A540A-BC0F-4F64-8F26-F309D895359B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndExcluding": "7.2.8",
"matchCriteriaId": "AA10A5FC-77B4-4FEE-AB50-EF76450268A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.4.0",
"versionEndExcluding": "7.4.3",
"matchCriteriaId": "B35B6E72-8578-4C35-80CF-66D0B74DAFC4"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-474",
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-474",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink