Fortinet: >> Fortiportal Security Vulnerabilities
An authorization bypass through user-controlled key vulnerability [CWE-639] in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with ressources of other organizations via HTTP or HTTPS requests.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-11-12
An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker to view unauthorized resources via HTTP or HTTPS requests.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-07-09
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.0.0 through 7.0.6 and version 7.2.0 allows privileged user to obtain unauthorized information via the report download functionality.
CVSS Score
4.3
EPSS Score
0.003
Published
2024-06-11
A client-side enforcement of server-side security in Fortinet FortiPortal version 6.0.0 through 6.0.14 allows attacker to improper access control via crafted HTTP requests.
CVSS Score
4.3
EPSS Score
0.006
Published
2024-06-03
A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-05-14
An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-03-12
A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments.
CVSS Score
6.7
EPSS Score
0.001
Published
2024-03-12
A improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows attacker to escalate its privilege via specifically crafted HTTP requests.
CVSS Score
7.2
EPSS Score
0.002
Published
2024-01-10
An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access to other organization endpoints via crafted GET requests.
CVSS Score
5.4
EPSS Score
0.003
Published
2024-01-10
An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field.
CVSS Score
8.8
EPSS Score
0.021
Published
2023-12-13