Sensitive Information Disclosure in FortiPortal Management Interface
CVE-2022-43954

4.1MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiportal
Vendor: CVE Published:; 16 February 2023

Summary

A vulnerability in the FortiPortal management interface allows remote authenticated attackers to access sensitive information, including passwords stored in the audit log. This issue impacts versions 7.0.0 to 7.0.2 and arises from improper handling of sensitive data, which can lead to significant security risks if exploited. It is crucial for users of affected FortiPortal versions to apply necessary mitigations to safeguard against unauthorized access to sensitive credentials.

Affected Version(s)

FortiPortal 7.0.0 <= 7.0.2

References

https://fortiguard.com/psirt/FG-IR-22-430

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 16, 2023
Vulnerability Reserved
Oct 27, 2022