First published: Tue Nov 12 2024(Updated: )
An authorization bypass through user-controlled key vulnerability [CWE-639] in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with ressources of other organizations via HTTP or HTTPS requests.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiPortal | >=7.0.0<7.0.4 |
Please upgrade to FortiPortal version 7.2.0 or above Please upgrade to FortiPortal version 7.0.4 or above
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2023-47543 is considered high due to its potential impact on the confidentiality and integrity of data across organizations.
To fix CVE-2023-47543, upgrade Fortinet FortiPortal to version 7.0.4 or later.
CVE-2023-47543 affects authenticated users of Fortinet FortiPortal versions 7.0.0 through 7.0.3.
CVE-2023-47543 is categorized as an authorization bypass through user-controlled key vulnerability.
Yes, CVE-2023-47543 can be exploited remotely through HTTP or HTTPS requests by authenticated attackers.