4 results (0.008 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

10 Jun 2025 — A authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view unauthorized device information via key modification in API requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-274 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 2.3EPSS: 0%CPEs: 3EXPL: 0

28 May 2025 — A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log. • https://fortiguard.fortinet.com/psirt/FG-IR-24-380 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0

14 Mar 2025 — An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a Man-in-the-Middle position to intercept on and tamper with the encrypted communication channel established between the FortiPortal and those endpoints. An improper certificate validation vulnerability [CWE-295] in FortiPo... • https://fortiguard.fortinet.com/psirt/FG-IR-22-155 • CWE-295: Improper Certificate Validation •

CVSS: 8.6EPSS: 0%CPEs: 3EXPL: 0

11 Feb 2025 — An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve source code via crafted HTTP requests. An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve source code via crafted HTTP requests. • https://fortiguard.fortinet.com/psirt/FG-IR-25-015 • CWE-41: Improper Resolution of Path Equivalence •