CVE-2023-44255 Information

Description

An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2 FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP or HTTPs requests.

Reference

https://fortiguard.fortinet.com/psirt/FG-IR-23-267