VDB
CVE-2024-31493
CVE-2024-31493
PUBLISHED
CVSS 6 MEDIUM
An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP responses.
EPSS 0.61% · 70.0th percentile
Risk Scores
CVSS v3.1
6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:X/RC:X
EPSS Score
0.61%
70.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| fortinet | fortisoar | 7.0.0 |
| Fortinet | FortiSOAR | 7.3.0, 7.2.0, 7.0.0 |
Timeline
- May 15, 2024 CVE Published
- Jun 3, 2024 EPSS Score
- Jun 27, 2024 EPSS Score
- Jul 20, 2024 EPSS Score
- Aug 13, 2024 EPSS Score
- Sep 5, 2024 EPSS Score
- Sep 28, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 21, 2024 EPSS Score
- Nov 13, 2024 EPSS Score
- Dec 8, 2024 EPSS Score
- Dec 31, 2024 EPSS Score
References
- https://www.fortiguard.com/psirt/FG-IR-23-225 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-040 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-282 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-406 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-137 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-222 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-052 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-474 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-195 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-433 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-021 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-420 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-054 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-465 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-415 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-191 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-017 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-120 advisory
- https://fortiguard.fortinet.com/psirt/FG-IR-24-052 url
- https://nvd.nist.gov/vuln/detail/CVE-2024-31493 advisory