An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request.
References
History

Fri, 25 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2017-05-26T22:00:00

Updated: 2024-10-25T14:34:44.413Z

Reserved: 2017-03-30T00:00:00

Link: CVE-2017-7337

cve-icon Vulnrichment

Updated: 2024-08-05T15:56:36.479Z

cve-icon NVD

Status : Modified

Published: 2017-05-27T00:29:01.113

Modified: 2024-11-21T03:31:38.877

Link: CVE-2017-7337

cve-icon Redhat

No data.