CVE-2023-37935

HIGH Year: 2023
CVSS v3 Score
7.5
High
Weakness Type
CWE-598
View all →

Vulnerability Description

A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services.

Related Vulnerabilities

CVE-2017-9280

HIGH
CVSS:7.5(High)

Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, ...

CWE-5982017

CVE-2021-41719

HIGH
CVSS:7.5(High)

Maharashtra State Electricity Distribution Company Limited Mahavitran IOS Application 16.1 application till version 16.1 communicates using the GET method to process requests that contain sensitive in...

CWE-5982021

CVE-2023-32335

HIGH
CVSS:7.5(High)

IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have acc...

CWE-5982023

CVE-2024-23766

HIGH
CVSS:7.5(High)

An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devices. The gateway exposes a web interface on port 80. An unauthenticated GET request to a specific URL triggers the reboot of the Anybus g...

CWE-5982024

CVE-2024-38863

LOW
CVSS:7.5(High)

Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted phishing...

CWE-5982024

CVE-2025-22387

HIGH
CVSS:7.5(High)

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This expose...

CWE-5982025