FortiManager --- Password observed in cleartext in the config conflict file
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file.
Affected ProductsFortiManager version 6.2.0 through 6.2.9
FortiManager version 6.4.0 through 6.4.7
FortiManager version 7.0.0 through 7.0.2
Please upgrade to FortiManager verison 7.0.3 or above.
Please upgrade to FortiManager version 6.4.8 or above.