FortiSDNConnector - Credential leak

2021-10-0500:00:00

FortiGuard Labs

www.fortiguard.com

0.001 Low

EPSS

Percentile

28.4%

JSON

An insufficiently protected credentials vulnerability [CWE-522] in FortiSDNConnector may allow an authenticated user to obtain third party device credentials via visiting the configuration page in the WebUI.

CPENameOperatorVersion
fortisdnconnectoreq1.1.7
fortisdnconnectoreq1.1.6
fortisdnconnectoreq1.1.5
fortisdnconnectoreq1.1.4
fortisdnconnectoreq1.1.3
fortisdnconnectoreq1.1.2
fortisdnconnectoreq1.1.1
fortisdnconnectoreq1.1.0
fortisdnconnectoreq1.0.0

Name	Operator	Version
fortisdnconnector	eq	1.1.7
fortisdnconnector	eq	1.1.6
fortisdnconnector	eq	1.1.5
fortisdnconnector	eq	1.1.4
fortisdnconnector	eq	1.1.3
fortisdnconnector	eq	1.1.2
fortisdnconnector	eq	1.1.1
fortisdnconnector	eq	1.1.0
fortisdnconnector	eq	1.0.0

0.001 Low

EPSS

Percentile

28.4%

JSON

Related for FG-IR-20-183