An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker to view unauthorized resources via HTTP or HTTPS requests.
References
Link | Resource |
---|---|
https://fortiguard.fortinet.com/psirt/FG-IR-24-011 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
09 Sep 2024, 16:02
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fortinet
Fortinet fortiportal |
|
References | () https://fortiguard.fortinet.com/psirt/FG-IR-24-011 - Vendor Advisory | |
CPE | cpe:2.3:a:fortinet:fortiportal:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:* |
|
Summary |
|
09 Jul 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-09 16:15
Updated : 2024-09-09 16:02
NVD link : CVE-2024-21759
Mitre link : CVE-2024-21759
CVE.ORG link : CVE-2024-21759
JSON object : View
Products Affected
fortinet
- fortiportal
CWE
CWE-639
Authorization Bypass Through User-Controlled Key