CVE-2023-47543

An authorization bypass through user-controlled key vulnerability [CWE-639] in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with ressources of other organizations via HTTP or HTTPS requests.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-23-448

Configurations

No configuration.

History

13 Nov 2024, 17:01

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de omisión de autorización a través de una clave controlada por el usuario [CWE-639] en Fortinet FortiPortal versión 7.0.0 a 7.0.3 permite que un atacante autenticado interactúe con recursos de otras organizaciones a través de solicitudes HTTP o HTTPS.

12 Nov 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-12 19:15

Updated : 2024-11-13 17:01

NVD link : CVE-2023-47543

Mitre link : CVE-2023-47543

CVE.ORG link : CVE-2023-47543

JSON object : View

Products Affected

No product.

CWE

CWE-639

Authorization Bypass Through User-Controlled Key

5.4 /10