VYPR

Fortiportal

by Fortinet

CVEs (46)

  • CVE-2017-7337 | Critical | May 27, 2017
    risk 0.59 | cvss 9.1 | epss 0.01

    An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the…

  • CVE-2017-7731 | High | May 27, 2017
    risk 0.49 | cvss 7.5 | epss 0.01

    A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the Forgotten Password feature.

  • CVE-2017-7338 | High | May 27, 2017
    risk 0.49 | cvss 7.5 | epss 0.01

    A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View.

  • CVE-2026-49938 | Medium | Jun 9, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    An improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow an attacker to improper access control via

  • CVE-2017-7343 | Medium | May 27, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows an attacker to execute unauthorized code or commands via the url parameter.

  • CVE-2017-7339 | Medium | May 27, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality.

  • CVE-2021-32588 | Aug 18, 2021
    risk 0.02 | cvss n/a | epss 0.03

    A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and 5.0.x may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying…

  • CVE-2024-40593 | Dec 11, 2025
    risk 0.00 | cvss n/a | epss 0.00

    A key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.2, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all…

  • CVE-2025-54838 | Dec 9, 2025
    risk 0.00 | cvss n/a | epss 0.00

    An Incorrect Authorization vulnerability [CWE-863] in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests.

  • CVE-2024-45329 | Jun 10, 2025
    risk 0.00 | cvss n/a | epss 0.00

    An authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view unauthorized device information via key modification in API requests.

  • CVE-2025-46777 | May 28, 2025
    risk 0.00 | cvss n/a | epss 0.00

    An insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal…

  • CVE-2024-40590 | Mar 14, 2025
    risk 0.00 | cvss n/a | epss 0.00

    An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated…

  • CVE-2025-24470 | Feb 11, 2025
    risk 0.00 | cvss n/a | epss 0.01

    An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve source code via crafted HTTP requests.

  • CVE-2022-23439 | Jan 22, 2025
    risk 0.00 | cvss n/a | epss 0.00

    An externally controlled reference to a resource in another sphere vulnerability in Fortinet allows an attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver

  • CVE-2024-35277 | Jan 14, 2025
    risk 0.00 | cvss n/a | epss 0.01

    A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows an attacker to access the configuration of the managed devices by…

  • CVE-2024-35278 | Jan 14, 2025
    risk 0.00 | cvss n/a | epss 0.00

    An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker to view the SQL query being run server-side when submitting an HTTP request,…

  • CVE-2024-52967 | Jan 14, 2025
    risk 0.00 | cvss n/a | epss 0.00

    An improper neutralization of script-related HTML tags in a web page (basic XSS) in Fortinet FortiPortal 6.0.0 through 6.0.14 allows an attacker to execute unauthorized code or commands via HTML injection.

  • CVE-2024-26011 | Nov 12, 2024
    risk 0.00 | cvss n/a | epss 0.01

    A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0…

  • CVE-2023-47543 | Nov 12, 2024
    risk 0.00 | cvss n/a | epss 0.00

    An authorization bypass through user-controlled key vulnerability [CWE-639] in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with resources of other organizations via HTTP or HTTPS requests.

  • CVE-2024-21759 | Jul 9, 2024
    risk 0.00 | cvss n/a | epss 0.00

    An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows an attacker to view unauthorized resources via HTTP or HTTPS requests.
