FortiManager dvmdb/device REST API JSON password in cleartext Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-18-051 Final 1 1 2019-04-23T00:00:00 Current version 2019-04-23T00:00:00 2019-04-23T00:00:00 A cleartext transmission of sensitive information vulnerability in FortiManager may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses. Information disclosure FortiManager 5.2.0 to 5.2.7, 5.4.0 and 5.4.1 Upgrade to 5.2.8 or above.Upgrade to 5.4.2 or above. Fortinet thanks Pavel German for reporting this vulnerability. CVE-2018-1360 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-18-051 FortiManager dvmdb/device REST API JSON password in cleartext Reference>