CVE-2023-48783

5.4MEDIUM

Key Information

Vendor: Fortinet
Status: FortiPortal
Vendor: CVE Published:; 10 January 2024

Summary

An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access to other organization endpoints via crafted GET requests.

Affected Version(s)

FortiPortal <= 7.2.1

FortiPortal <= 7.0.6

FortiPortal <= 6.0.14

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jan 10, 2024
Vulnerability Reserved.
Nov 19, 2023

Collectors

NVD DatabaseMitre Database