Auth Bypass via User-Controlled Key Vulnerability

CVE-2023-47543

5.1MEDIUM

Key Information

Vendor: Fortinet
Status: Fortiportal
Vendor: CVE Published:; 12 November 2024

Summary

An authorization bypass through user-controlled key vulnerability [CWE-639] in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with ressources of other organizations via HTTP or HTTPS requests.

Affected Version(s)

FortiPortal <= 7.0.3

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Nov 12, 2024
Vulnerability Reserved.
Nov 6, 2023

Collectors

NVD DatabaseMitre Database