Vulnerabilities > Fortinet > Fortiportal > 7.0.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-03-12 | CVE-2024-21761 | Improper Authorization vulnerability in Fortinet Fortiportal An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload. | 4.3 |
2024-01-10 | CVE-2023-46712 | Improper Access Control vulnerability in Fortinet Fortiportal A improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows attacker to escalate its privilege via specifically crafted HTTP requests. | 8.8 |
2024-01-10 | CVE-2023-48783 | Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortiportal An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access to other organization endpoints via crafted GET requests. | 5.4 |
2023-12-13 | CVE-2023-48791 | Command Injection vulnerability in Fortinet Fortiportal An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field. | 8.8 |
2023-02-16 | CVE-2022-43954 | Information Exposure Through Log Files vulnerability in Fortinet Fortiportal 7.0.0/7.0.1/7.0.2 An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may allow a remote authenticated attacker to read other devices' passwords in the audit log page. | 6.5 |