Vulnerability Details CVE-2022-35842
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiOS SSL-VPN version 7.2.0, versions 7.0.0 through 7.0.6 and versions 6.4.0 through 6.4.9 may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.8%
CVSS Severity
CVSS v3 Score 3.7
Products affected by CVE-2022-35842
- cpe:2.3:o:fortinet:fortios:6.4.0
- cpe:2.3:o:fortinet:fortios:6.4.1
- cpe:2.3:o:fortinet:fortios:6.4.2
- cpe:2.3:o:fortinet:fortios:6.4.3
- cpe:2.3:o:fortinet:fortios:6.4.4
- cpe:2.3:o:fortinet:fortios:6.4.5
- cpe:2.3:o:fortinet:fortios:6.4.6
- cpe:2.3:o:fortinet:fortios:6.4.7
- cpe:2.3:o:fortinet:fortios:6.4.8
- cpe:2.3:o:fortinet:fortios:6.4.9
- cpe:2.3:o:fortinet:fortios:7.0.0
- cpe:2.3:o:fortinet:fortios:7.0.1
- cpe:2.3:o:fortinet:fortios:7.0.2
- cpe:2.3:o:fortinet:fortios:7.0.3
- cpe:2.3:o:fortinet:fortios:7.0.4
- cpe:2.3:o:fortinet:fortios:7.0.5
- cpe:2.3:o:fortinet:fortios:7.0.6
- cpe:2.3:o:fortinet:fortios:7.2.0