Improper access control on the administrators account list Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-21-059 Final 1 1 2021-08-03T00:00:00 Current version 2021-08-03T00:00:00 2021-08-03T00:00:00 An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface may allow a remote and authenticated attacker with restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration. Improper access control FortiManager version 7.0.0.FortiManager version 6.4.5 and below.FortiManager version 6.2.8 and below.FortiManager version 6.2.x.FortiManager version 6.0.x.FortiManager version 5.6.x.FortiAnalyzer version 7.0.0.FortiAnalyzer version 6.4.5 and below.FortiAnalyzer version 6.2.8 and below.FortiAnalyzer version 6.0.x.FortiAnalyzer version 5.6.x. Please upgrade to FortiManager version 7.0.1 or above.Please upgrade to FortiManager version 6.4.6 or above.Please upgrade to FortiManager version 6.2.9 or above.Please upgrade to FortiAnalyzer version 7.0.1 or above.Please upgrade to FortiAnalyzer version 6.4.6 or above.Please upgrade to FortiAnalyzer version 6.2.9 or above. Fortinet is pleased to thank Clément Amic, Pierre Milioni and Adrien Peter from Synacktiv for reporting this vulnerability under responsible disclosure. CVE-2021-32587 4.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-21-059 Improper access control on the administrators account list Reference>