Vulnerabilities > Fortinet > Fortiportal > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-09 | CVE-2024-21759 | Unspecified vulnerability in Fortinet Fortiportal An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker to view unauthorized resources via HTTP or HTTPS requests. | 4.3 |
| 2024-03-12 | CVE-2023-41842 | Unspecified vulnerability in Fortinet products A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments. | 6.7 |
| 2024-03-12 | CVE-2024-21761 | Unspecified vulnerability in Fortinet Fortiportal An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload. | 4.3 |
| 2024-01-10 | CVE-2023-48783 | Unspecified vulnerability in Fortinet Fortiportal An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access to other organization endpoints via crafted GET requests. | 5.4 |
| 2023-03-07 | CVE-2022-27490 | Information Exposure vulnerability in Fortinet products A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands. | 6.5 |
| 2023-02-16 | CVE-2022-43954 | Information Exposure Through Log Files vulnerability in Fortinet Fortiportal 7.0.0/7.0.1/7.0.2 An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may allow a remote authenticated attacker to read other devices' passwords in the audit log page. | 6.5 |
| 2023-01-03 | CVE-2022-41336 | Cross-site Scripting vulnerability in Fortinet Fortiportal An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiPortal versions 6.0.0 through 6.0.11 and all versions of 5.3, 5.2, 5.1, 5.0 management interface may allow a remote authenticated attacker to perform a stored cross site scripting (XSS) attack via sending request with specially crafted columnindex parameter. | 4.8 |
| 2021-12-08 | CVE-2021-42757 | Out-of-bounds Write vulnerability in Fortinet products A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. | 6.7 |
| 2021-11-02 | CVE-2021-36176 | Cross-site Scripting vulnerability in Fortinet Fortiportal Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests. | 6.1 |
| 2021-11-02 | CVE-2021-32595 | Resource Exhaustion vulnerability in Fortinet Fortiportal Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests. | 6.5 |