Authorization Bypass Vulnerability in PortiPortal by Fortinet
CVE-2023-48783
5.4MEDIUM
Summary
The vulnerability in PortiPortal allows remote authenticated users with read-only permissions to exploit crafted GET requests, potentially gaining access to other organizational endpoints. This flaw represents a significant security concern for users, as it permits unauthorized data access, compromising endpoint security. It is essential for organizations using affected versions of PortiPortal to be aware and take necessary steps to mitigate this risk. For further details, refer to Fortinet's advisory.
Affected Version(s)
FortiPortal 7.2.0 <= 7.2.1
FortiPortal 7.0.0 <= 7.0.6
FortiPortal 6.0.0 <= 6.0.14
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved