CVE-2024-27784

Multiple Exposure of sensitive information to an unauthorized actor weaknesses [CWE-200] vulnerability in Fortinet FortiAIOps 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-072	Vendor Advisory
https://fortiguard.fortinet.com/psirt/FG-IR-24-072	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:fortinet:fortiaiops:2.0.0:*:*:*:*:*:*:*

History

09 Jan 2026, 17:15

Type	Values Removed	Values Added
Summary	(en) Multiple Exposure of sensitive information to an unauthorized actor vulnerabilities [CWE-200] in FortiAIOps version 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files.	(en) Multiple Exposure of sensitive information to an unauthorized actor weaknesses [CWE-200] vulnerability in Fortinet FortiAIOps 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files.

21 Nov 2024, 09:05

Type	Values Removed	Values Added
References	~~() https://fortiguard.fortinet.com/psirt/FG-IR-24-072 - Vendor Advisory~~	() https://fortiguard.fortinet.com/psirt/FG-IR-24-072 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~6.5~~	v2 : unknown v3 : 8.8

09 Sep 2024, 16:16

Type	Values Removed	Values Added
Summary		(es) Las vulnerabilidades de exposición múltiple de información confidencial a un actor no autorizado [CWE-200] en FortiAIOps versión 2.0.0 pueden permitir que un atacante remoto autenticado recupere información confidencial del endpoint API o archivos de registro.
CVSS	v2 : ~~unknown~~ v3 : ~~8.8~~	v2 : unknown v3 : 6.5
References	~~() https://fortiguard.fortinet.com/psirt/FG-IR-24-072 -~~	() https://fortiguard.fortinet.com/psirt/FG-IR-24-072 - Vendor Advisory
First Time		Fortinet fortiaiops Fortinet
CPE		cpe:2.3:a:fortinet:fortiaiops:2.0.0:::::::*

09 Jul 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-09 16:15

Updated : 2026-01-09 17:15

NVD link : CVE-2024-27784

Mitre link : CVE-2024-27784

CVE.ORG link : CVE-2024-27784

JSON object : View

Products Affected

fortinet

fortiaiops

CWE

CWE-532

Insertion of Sensitive Information into Log File

8.8 /10