CVE-2023-22642
https://notcve.org/view.php?id=CVE-2023-22642
An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4.8 through 6.4.10 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and the remote FortiGuard server hosting outbreakalert ressources. • https://fortiguard.com/psirt/FG-IR-22-502 • CWE-295: Improper Certificate Validation •
CVE-2022-38377
https://notcve.org/view.php?id=CVE-2022-38377
An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information. Una vulnerabilidad de control de acceso inadecuado [CWE-284] en FortiManager 7.2.0, 7.0.0 a 7.0.3, 6.4.0 a 6.4.7, 6.2.0 a 6.2.9, 6.0.0 a 6.0.11 y FortiAnalyzer 7.2 .0, 7.0.0 a 7.0.3, 6.4.0 a 6.4.8, 6.2.0 a 6.2.10, 6.0.0 a 6.0.12 pueden permitir que un usuario administrador remoto y autenticado asignado a un ADOM específico acceda a otros ADOM de información, como información del dispositivo e información del panel. • https://fortiguard.com/psirt/FG-IR-20-143 • CWE-284: Improper Access Control •