FortiManager --- Password observed in cleartext in the config conflict file Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-21-165 Final 1 1 2022-03-01T00:00:00 Current version 2022-03-01T00:00:00 2022-03-01T00:00:00 An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file. None Information disclosure FortiManager version 7.0.0 through 7.0.2FortiManager version 6.4.0 through 6.4.7FortiManager version 6.2.0 through 6.2.11FortiManager 6.0 all versions are not affected Please upgrade to FortiManager verison 7.0.3 or above.Please upgrade to FortiManager version 6.4.8 or above. Fortinet is pleased to thank Aymen Idriss from Topnet for reporting this vulnerability under responsible disclosure. FortiManager 7.0.2 FortiManager 7.0.1 FortiManager 7.0.0 FortiManager 6.4.7 FortiManager 6.4.6 FortiManager 6.4.5 FortiManager 6.4.4 FortiManager 6.4.3 FortiManager 6.4.2 FortiManager 6.4.1 FortiManager 6.4.0 FortiManager 6.2.11 FortiManager 6.2.10 FortiManager 6.2.9 FortiManager 6.2.8 FortiManager 6.2.7 FortiManager 6.2.6 FortiManager 6.2.5 FortiManager 6.2.4 FortiManager 6.2.3 FortiManager 6.2.2 FortiManager 6.2.1 FortiManager 6.2.0 CVE-2022-22303 FortiManager-7.0.2 FortiManager-7.0.1 FortiManager-7.0.0 FortiManager-6.4.7 FortiManager-6.4.6 FortiManager-6.4.5 FortiManager-6.4.4 FortiManager-6.4.3 FortiManager-6.4.2 FortiManager-6.4.1 FortiManager-6.4.0 FortiManager-6.2.11 FortiManager-6.2.10 FortiManager-6.2.9 FortiManager-6.2.8 FortiManager-6.2.7 FortiManager-6.2.6 FortiManager-6.2.5 FortiManager-6.2.4 FortiManager-6.2.3 FortiManager-6.2.2 FortiManager-6.2.1 FortiManager-6.2.0 2.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N/E:F/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-21-165 FortiManager --- Password observed in cleartext in the config conflict file Reference>