{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T21:21:37.694","vulnerabilities":[{"cve":{"id":"CVE-2024-36509","sourceIdentifier":"psirt@fortinet.com","published":"2024-11-12T19:15:10.440","lastModified":"2024-11-14T20:33:44.727","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted passwords of other administrators via the \"Log Access Event\" logs page."},{"lang":"es","value":"Una exposición de información confidencial del sistema a una vulnerabilidad de esfera de control no autorizada [CWE-497] en FortiWeb versión 7.6.0, versión 7.4.3 y anteriores, versión 7.2.10 y anteriores, versión 7.0.10 y anteriores, versión 6.3.23 y anteriores puede permitir que un atacante autenticado acceda a las contraseñas cifradas de otros administradores a través de la página de registros \"Evento de acceso al registro\"."}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.6,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-497"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3.0","versionEndExcluding":"7.4.4","matchCriteriaId":"7B0C24E1-3735-4117-8FA1-FB20D23AED9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*","matchCriteriaId":"28B43375-DA74-4C5F-BAEE-39F312EEF51F"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-180","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}}]}