CVE-2023-47543 MEDIUM

CVE-2023-47543

Vendor Fortinet
Product FortiPortal
Weakness CWE-639 · IDOR
Published November 12, 2024
Last update November 13, 2024

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C

What the vulnerability does

01Description

An authorization bypass through user-controlled key vulnerability [CWE-639] in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with ressources of other organizations via HTTP or HTTPS requests.

Key dates

02Disclosure timeline

November 12, 2024 CVE published
November 13, 2024 Record updated