Description
An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting FortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access other organization endpoints via crafted GET requests.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
- Version from 5.3.0 (including) up to 5.3.8 (including)
- Version from 6.0.0 (including) up to 6.0.14 (including)
- Version from 7.0.0 (including) up to 7.0.7 (excluding)
- Version from 7.2.0 (including) up to 7.2.2 (excluding)
One of
cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*
EPSS
Percentile: 43%
0.00207
Low
5.4 Medium
CVSS3
Weaknesses
CWE-639
Related vulnerabilities
CVSS3: 5.4
github
about 2 years ago
An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting FortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access other organization endpoints via crafted GET requests.