A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button
oryginał ENCVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFortinet Fortiportal
APPFortinet≤ 4.0.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Powiązane podatności
CVE-2021-32588CRITICAL9.8ten sam produkt
A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and bel...
CVE-2021-32590CRITICAL9.9ten sam produkt
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0...
CVE-2017-7337CRITICAL9.1ten sam produkt
An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker t...
CVE-2025-24470HIGH8.6ten sam produkt
An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 th...
CVE-2021-32589HIGH8.1ten sam produkt
A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7...