NotCVE - vendor:"Fortinet" product:"FortiPortal" version:" >= 7.4.0 <= 7.4.2"

4 results (0.008 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2024-45329

https://notcve.org/view.php?id=CVE-2024-45329

10 Jun 2025 — A authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view unauthorized device information via key modification in API requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-274 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 2.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2025-46777

https://notcve.org/view.php?id=CVE-2025-46777

28 May 2025 — A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log. • https://fortiguard.fortinet.com/psirt/FG-IR-24-380 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2024-40590

https://notcve.org/view.php?id=CVE-2024-40590

14 Mar 2025 — An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a Man-in-the-Middle position to intercept on and tamper with the encrypted communication channel established between the FortiPortal and those endpoints. An improper certificate validation vulnerability [CWE-295] in FortiPo... • https://fortiguard.fortinet.com/psirt/FG-IR-22-155 • CWE-295: Improper Certificate Validation •

CVSS: 8.6EPSS: 0%CPEs: 3EXPL: 0

CVE-2025-24470

https://notcve.org/view.php?id=CVE-2025-24470

11 Feb 2025 — An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve source code via crafted HTTP requests. An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve source code via crafted HTTP requests. • https://fortiguard.fortinet.com/psirt/FG-IR-25-015 • CWE-41: Improper Resolution of Path Equivalence •