Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2024-23107

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiWeb version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, 6.3 all versions may allow an authenticated attacker to read password hashes of other administrators via CLI commands.

  • Published: Jun 3, 2024
  • Updated: May 4, 2025
  • CVE: CVE-2024-23107
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.5
  • AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWEs:

Software From Fixed in
fortinet / fortiweb 6.3.0 6.3.23.x
fortinet / fortiweb 7.4.0 7.4.0.x
fortinet / fortiweb 7.2.0 7.2.5
fortinet / fortiweb 7.0.0 7.0.9