CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

10 Jan 2024 — An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting FortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access other organization endpoints via crafted GET requests. • https://fortiguard.com/psirt/FG-IR-23-408 • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 9.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Jan 2024 — An improper access control vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and Fortinet FortiPortal version 7.2.0 through 7.2.1 allows an attacker to escalate their privileges via specifically crafted HTTP requests. • https://fortiguard.com/psirt/FG-IR-23-395 • CWE-284: Improper Access Control

CVSS: 9.0 • EPSS: 3% • CPEs: 2 • EXPL: 0

13 Dec 2023 — An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field. • https://fortiguard.com/psirt/FG-IR-23-425 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 6.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

16 Feb 2023 — An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may allow a remote authenticated attacker to read other devices' passwords in the audit log page. • https://fortiguard.com/psirt/FG-IR-22-430 • CWE-532: Insertion of Sensitive Information into Log File