CVE-2023-41673: Fortiguard

An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or back up the full system configuration via HTTP or HTTPS requests.

FortiADC - Read-only administrator can read or backup the system configuration

Summary

An improper authorization vulnerability [CWE-285] in FortiADC may allow a low privileged user to read or back up the full system configuration via HTTP or HTTPS requests.

| Version | Affected | Solution |
|---|---|---|
| FortiADC 7.4 | 7.4.0 | Upgrade to 7.4.1 or above |
| FortiADC 7.2 | 7.2.0 through 7.2.2 | Upgrade to 7.2.3 or above |
| FortiADC 7.1 | 7.1 all versions | Migrate to a fixed release |
| FortiADC 7.0 | 7.0 all versions | Migrate to a fixed release |
| FortiADC 6.2 | 6.2 all versions | Migrate to a fixed release |
| FortiADC 6.1 | 6.1 all versions | Migrate to a fixed release |
| FortiADC 6.0 | 6.0 all versions | Migrate to a fixed release |

Acknowledgement

Internally discovered and reported by Yonghui Han from Fortinet’s FortiGuard Labs.
