← Back to CVE List

CVE-2023-36638

Published: 2023-09-13T13:15Z
Last Modified: 2024-11-21T08:10Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions API may allow a remote and authenticated API admin user to access some system settings such as the mail server settings through the API via a stolen GUI session ID. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt