CVE-2024-46671
MEDIUMDescription
An Incorrect User Management vulnerability [CWE-286] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, version 7.2.10 and below, version 7.0.11 and below widgets dashboard may allow an authenticated attacker with at least read-only admin permission to perform operations on the dashboard of other administrators via crafted requests.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| fortinet | fortiweb |
| fortinet | fortiweb |
| fortinet | fortiweb |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2024-46671? +
How severe is CVE-2024-46671? +
What products are affected by CVE-2024-46671? +
How do I check if I'm vulnerable to CVE-2024-46671? +
Related Vulnerabilities
An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request.
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened …
A security issue exists within the FactoryTalk Linx Network Browser. By modifying the process.env.NODE_ENV to ‘development’, the attacker can disable …
An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as …
phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during …
A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious high-privileged user could use …