{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-47570", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2024-09-27T16:19:24.136Z", "datePublished": "2025-12-09T17:20:42.499Z", "dateUpdated": "2025-12-10T04:57:25.038Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiProxy", "cpes": ["cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.3", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.11", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiSRA", "cpes": ["cpe:2.3:a:fortinet:fortisra:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisra:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisra:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisra:1.4.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "1.4.0", "lessThanOrEqual": "1.4.3", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiPAM", "cpes": ["cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "1.4.0", "lessThanOrEqual": "1.4.3", "status": "affected"}, {"versionType": "semver", "version": "1.3.0", "lessThanOrEqual": "1.3.1", "status": "affected"}, {"version": "1.2.0", "status": "affected"}, {"versionType": "semver", "version": "1.1.0", "lessThanOrEqual": "1.1.2", "status": "affected"}, {"versionType": "semver", "version": "1.0.0", "lessThanOrEqual": "1.0.3", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiOS", "cpes": ["cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.3", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.7", "status": "affected"}, {"versionType": "semver", "version": "7.0.4", "lessThanOrEqual": "7.0.18", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiSASE", "cpes": ["cpe:2.3:a:fortinet:fortisase:24.1.10:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "24.1.10", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An insertion of sensitive information into log file vulnerability [CWE-532] in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0 all versions; FortiProxy 7.4.0 through 7.4.3, 7.2.0 through 7.2.11; FortiPAM 1.4 all versions, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions and FortiSRA 1.4 all versions may allow a read-only administrator to retrieve API tokens of other administrators via observing REST API logs, if REST API logging is enabled (non-default configuration)."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2025-12-09T17:20:42.499Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-532", "description": "Escalation of privilege", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C"}}], "solutions": [{"lang": "en", "value": "Fortinet remediated this issue in FortiSASE version 24.1.c and hence customers do not need to perform any action.\nUpgrade to FortiPAM version 1.6.0 or above\nUpgrade to FortiPAM version 1.5.0 or above\nUpgrade to FortiSRA version 1.6.0 or above\nUpgrade to FortiSRA version 1.5.0 or above\nUpgrade to FortiProxy version 7.4.4 or above\nUpgrade to FortiProxy version 7.2.12 or above\nUpgrade to FortiOS version 7.6.0 or above\nUpgrade to FortiOS version 7.4.4 or above\nUpgrade to FortiOS version 7.2.8 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-268", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-268"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-09T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2024-47570"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-10T04:57:25.038Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47570", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-09T18:05:23.216616Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-09T18:05:26.021Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiProxy", "versions": [{"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.3"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.11"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:fortinet:fortisra:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisra:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisra:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortisra:1.4.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiSRA", "versions": [{"status": "affected", "version": "1.4.0", "versionType": "semver", "lessThanOrEqual": "1.4.3"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiPAM", "versions": [{"status": "affected", "version": "1.4.0", "versionType": "semver", "lessThanOrEqual": "1.4.3"}, {"status": "affected", "version": "1.3.0", "versionType": "semver", "lessThanOrEqual": "1.3.1"}, {"status": "affected", "version": "1.2.0"}, {"status": "affected", "version": "1.1.0", "versionType": "semver", "lessThanOrEqual": "1.1.2"}, {"status": "affected", "version": "1.0.0", "versionType": "semver", "lessThanOrEqual": "1.0.3"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiOS", "versions": [{"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.3"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.7"}, {"status": "affected", "version": "7.0.4", "versionType": "semver", "lessThanOrEqual": "7.0.18"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:fortinet:fortisase:24.1.10:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiSASE", "versions": [{"status": "affected", "version": "24.1.10"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Fortinet remediated this issue in FortiSASE version 24.1.c and hence customers do not need to perform any action.\nUpgrade to FortiPAM version 1.6.0 or above\nUpgrade to FortiPAM version 1.5.0 or above\nUpgrade to FortiSRA version 1.6.0 or above\nUpgrade to FortiSRA version 1.5.0 or above\nUpgrade to FortiProxy version 7.4.4 or above\nUpgrade to FortiProxy version 7.2.12 or above\nUpgrade to FortiOS version 7.6.0 or above\nUpgrade to FortiOS version 7.4.4 or above\nUpgrade to FortiOS version 7.2.8 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-268", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-268"}], "descriptions": [{"lang": "en", "value": "An insertion of sensitive information into log file vulnerability [CWE-532] in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0 all versions; FortiProxy 7.4.0 through 7.4.3, 7.2.0 through 7.2.11; FortiPAM 1.4 all versions, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions and FortiSRA 1.4 all versions may allow a read-only administrator to retrieve API tokens of other administrators via observing REST API logs, if REST API logging is enabled (non-default configuration)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "Escalation of privilege"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2025-12-09T17:20:42.499Z"}}}, "cveMetadata": {"cveId": "CVE-2024-47570", "state": "PUBLISHED", "dateUpdated": "2025-12-10T04:57:25.038Z", "dateReserved": "2024-09-27T16:19:24.136Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2025-12-09T17:20:42.499Z", "assignerShortName": "fortinet"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8B93C73-1E94-4854-8405-C3689860A74C", "versionEndExcluding": "7.2.12", "versionStartIncluding": "7.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F2C29AD-A11F-4A5F-8BB0-8600D5F77E72", "versionEndExcluding": "7.4.4", "versionStartIncluding": "7.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisase:24.1.37:*:*:*:*:*:*:*", "matchCriteriaId": "9BB4EFCB-CE5B-4B56-A010-44678E011B0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortisra:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5DE63FB-58DD-4812-83B0-E67A578ED138", "versionEndIncluding": "1.4.3", "versionStartIncluding": "1.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "A506930A-6DA7-4F7F-957B-500C644284D5", "versionEndIncluding": "7.0.17", "versionStartIncluding": "7.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6D2A14F-3916-45A0-AD4D-27C60E00AEC0", "versionEndExcluding": "7.2.8", "versionStartIncluding": "7.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FDDB5F3-D229-4208-9110-8860A03C8B59", "versionEndExcluding": "7.4.4", "versionStartIncluding": "7.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*", "matchCriteriaId": "99C56A5F-D835-41CC-B162-49EFB8CF185A", "versionEndIncluding": "1.4.3", "versionStartIncluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An insertion of sensitive information into log file vulnerability [CWE-532] in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0 all versions; FortiProxy 7.4.0 through 7.4.3, 7.2.0 through 7.2.11; FortiPAM 1.4 all versions, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions and FortiSRA 1.4 all versions may allow a read-only administrator to retrieve API tokens of other administrators via observing REST API logs, if REST API logging is enabled (non-default configuration)."}], "id": "CVE-2024-47570", "lastModified": "2025-12-10T20:32:21.217", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 5.9, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-12-09T18:15:47.590", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-268"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "psirt@fortinet.com", "type": "Primary"}]}

{}