A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFortinet Fortiportal
APPFortinetβ€ 4.0.0
π΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2021-32588CRITICAL9.8ten sam produkt
A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and bel...
CVE-2021-32590CRITICAL9.9ten sam produkt
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0...
CVE-2017-7337CRITICAL9.1ten sam produkt
An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker t...
CVE-2025-24470HIGH8.6ten sam produkt
AnΒ Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 th...
CVE-2021-32589HIGH8.1ten sam produkt
A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7...