{"api_version":"1","generated_at":"2026-04-23T07:57:37+00:00","cve":"CVE-2023-44256","urls":{"html":"https://cve.report/CVE-2023-44256","api":"https://cve.report/api/cve/CVE-2023-44256.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-44256","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-44256"},"summary":{"title":"CVE-2023-44256","description":"A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request.","state":"PUBLIC","assigner":"psirt@fortinet.com","published_at":"2023-10-20 10:15:00","updated_at":"2023-11-07 04:21:00"},"problem_types":["CWE-918"],"metrics":[],"references":[{"url":"https://fortiguard.com/psirt/FG-IR-19-039","name":"https://fortiguard.com/psirt/FG-IR-19-039","refsource":"MISC","tags":[],"title":"PSIRT Advisories | FortiGuard","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh","name":"https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh","refsource":"MISC","tags":[],"title":"Fortinet FortiAnalyzer - SSRF wkhtmltopdf (CVE-2023-44256) · Advisory · orangecertcc/security-research · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-44256","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44256","name":"NVD vulnerability 
detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"44256","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fortinet","cpe5":"fortianalyzer","cpe6":"7.4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"44256","vulnerable":"1","versionEndIncluding":"6.4.13","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fortinet","cpe5":"fortianalyzer","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"44256","vulnerable":"1","versionEndIncluding":"7.0.8","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fortinet","cpe5":"fortianalyzer","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"44256","vulnerable":"1","versionEndIncluding":"7.2.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fortinet","cpe5":"fortianalyzer","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"44256","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fortinet","cpe5":"fortimanager","cpe6":"7.4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"44256","vulnerable":"1","versionEndIncluding":"7.0.8","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fortinet","cpe5":"fortimanager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"44256","vulnerable":"1","versionEndIncluding":"7.2.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fortinet","cpe5":"fortimanager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy
_qids":[{"cve":"CVE-2023-44256","qid":"379128","title":"Fortinet FortiAnalyzer and FortiManager - Server-Side Request Forgery (SSRF) Vulnerability (FG-IR-19-039)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-44256","ASSIGNER":"psirt@fortinet.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Information disclosure","cweId":"CWE-22"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Fortinet","product":{"product_data":[{"product_name":"FortiAnalyzer","version":{"version_data":[{"version_affected":"=","version_value":"7.4.0"},{"version_affected":"<=","version_name":"7.2.0","version_value":"7.2.3"},{"version_affected":"<=","version_name":"7.0.2","version_value":"7.0.8"},{"version_affected":"<=","version_name":"6.4.8","version_value":"6.4.13"}]}},{"product_name":"FortiManager","version":{"version_data":[{"version_affected":"=","version_value":"7.4.0"},{"version_affected":"<=","version_name":"7.2.0","version_value":"7.2.3"},{"version_affected":"<=","version_name":"7.0.0","version_value":"7.0.8"}]}}]}}]}},"references":{"reference_data":[{"url":"https://fortiguard.com/psirt/FG-IR-19-039","refsource":"MISC","name":"https://fortiguard.com/psirt/FG-IR-19-039"},{"url":"https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh","refsource":"MISC","name":"https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh"}]},"solution":[{"lang":"en","value":"Please upgrade 
to FortiAnalyzer version 7.4.1 or above. Please upgrade to FortiAnalyzer version 7.2.4 or above. Please upgrade to FortiAnalyzer version 7.0.9 or above. Please upgrade to FortiManager version 7.4.1 or above. Please upgrade to FortiManager version 7.2.4 or above. Please upgrade to FortiManager version 7.0.9 or above."}],"impact":{"cvss":[{"version":"3.1","attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"NONE","baseScore":6.4,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:X/RC:X"}]}},"nvd":{"publishedDate":"2023-10-20 10:15:00","lastModifiedDate":"2023-11-07 04:21:00","problem_types":["CWE-918"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndIncluding":"7.2.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndIncluding":"7.2.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndIncluding":"7.0.8","cpe_name":[]},{"vulnerable":true,"cpe2
3Uri":"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.2","versionEndIncluding":"7.0.8","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.8","versionEndIncluding":"6.4.13","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}