CVE-2024-23665

{"id": "CVE-2024-23665", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-06-03T10:15:12.870", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-474", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-474", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-285"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb version 7.4.2 and below, version 7.2.7 and below, version 7.0.10 and below, version 6.4.3 and below, version 6.3.23 and below may allow an authenticated attacker to perform unauthorized ADOM operations via crafted requests."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de autorizaci\u00f3n inadecuada [CWE-285] en FortiWeb versi\u00f3n 7.4.2 y anteriores, versi\u00f3n 7.2.7 y siguientes, versi\u00f3n 7.0.10 y siguientes, versi\u00f3n 6.4.3 y siguientes, versi\u00f3n 6.3.23 y siguientes pueden permitir un atacante autenticado para realizar operaciones ADOM no autorizadas a trav\u00e9s de solicitudes manipuladas."}], "lastModified": "2024-12-17T16:43:37.527", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29BAA789-62A7-4040-B6F7-8E70FFBA0399", "versionEndIncluding": "6.3.23", "versionStartIncluding": "6.3.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF5ED7B3-39F3-49FD-82D9-72CAB2D68636", "versionEndIncluding": "6.4.3", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "744A540A-BC0F-4F64-8F26-F309D895359B", "versionEndIncluding": "7.0.10", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA10A5FC-77B4-4FEE-AB50-EF76450268A1", "versionEndExcluding": "7.2.8", "versionStartIncluding": "7.2.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B35B6E72-8578-4C35-80CF-66D0B74DAFC4", "versionEndExcluding": "7.4.3", "versionStartIncluding": "7.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}