Vulnerabilities (CVE)

Filtered by vendor Fortinet Subscribe
Filtered by product Fortiportal
Total 30 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-21759 1 Fortinet 1 Fortiportal 2024-09-09 N/A 4.3 MEDIUM
An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker to view unauthorized resources via HTTP or HTTPS requests.
CVE-2024-23105 1 Fortinet 1 Fortiportal 2024-05-23 N/A 7.5 HIGH
A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets.
CVE-2024-21761 1 Fortinet 1 Fortiportal 2024-03-21 N/A 4.3 MEDIUM
An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload.
CVE-2023-41842 1 Fortinet 4 Fortianalyzer, Fortianalyzer Bigdata, Fortimanager and 1 more 2024-03-21 N/A 6.7 MEDIUM
A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments.
CVE-2023-48783 1 Fortinet 1 Fortiportal 2024-02-05 N/A 5.4 MEDIUM
An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access to other organization endpoints via crafted GET requests.
CVE-2023-48791 1 Fortinet 1 Fortiportal 2024-02-05 N/A 8.8 HIGH
An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field.
CVE-2023-46712 1 Fortinet 1 Fortiportal 2024-02-05 N/A 8.8 HIGH
A improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows attacker to escalate its privilege via specifically crafted HTTP requests.
CVE-2022-43954 1 Fortinet 1 Fortiportal 2024-02-04 N/A 6.5 MEDIUM
An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may allow a remote authenticated attacker to read other devices' passwords in the audit log page.
CVE-2022-27490 1 Fortinet 4 Fortianalyzer, Fortimanager, Fortiportal and 1 more 2024-02-04 N/A 6.5 MEDIUM
A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands.
CVE-2021-36171 1 Fortinet 1 Fortiportal 2024-02-04 6.8 MEDIUM 8.1 HIGH
The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame.
CVE-2021-26104 1 Fortinet 3 Fortianalyzer, Fortimanager, Fortiportal 2024-02-04 7.2 HIGH 7.8 HIGH
Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters.
CVE-2021-32595 1 Fortinet 1 Fortiportal 2024-02-04 4.0 MEDIUM 6.5 MEDIUM
Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests.
CVE-2021-36174 1 Fortinet 1 Fortiportal 2024-02-04 5.0 MEDIUM 7.5 HIGH
A memory allocation with excessive size value vulnerability in the license verification function of FortiPortal before 6.0.6 may allow an attacker to perform a denial of service attack via specially crafted license blobs.
CVE-2021-42757 1 Fortinet 13 Fortiadc, Fortianalyzer, Fortimail and 10 more 2024-02-04 4.6 MEDIUM 6.7 MEDIUM
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.
CVE-2021-36172 1 Fortinet 1 Fortiportal 2024-02-04 6.4 MEDIUM 8.1 HIGH
An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file system by means of specifically crafted XML documents.
CVE-2021-36181 1 Fortinet 1 Fortiportal 2024-02-04 3.5 LOW 3.1 LOW
A concurrent execution using shared resource with improper Synchronization vulnerability ('Race Condition') in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific coordination of web requests.
CVE-2021-36176 1 Fortinet 1 Fortiportal 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests.
CVE-2021-32596 1 Fortinet 1 Fortiportal 2024-02-04 5.0 MEDIUM 7.5 HIGH
A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables.
CVE-2021-32590 1 Fortinet 1 Fortiportal 2024-02-04 9.0 HIGH 8.8 HIGH
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL database via specifically crafted HTTP requests.
CVE-2021-36168 1 Fortinet 1 Fortiportal 2024-02-04 4.0 MEDIUM 6.5 MEDIUM
A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal 5.3.x before 5.3.6 and any FortiPortal before 6.2.5 allows authenticated attacker to disclosure information via crafted GET request with malicious parameter values.