Use of GET Request Method With Sensitive Query Strings

CVE-2023-37935

Medium

6.5/10

Summary

A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-598 - Use of GET Request Method With Sensitive Query Strings

The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.

References

Advisory Timeline

Published Oct 10, 2023

Use of GET Request Method With Sensitive Query Strings

CVE-2023-37935

Summary

CWE-598 - Use of GET Request Method With Sensitive Query Strings

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS