Search
Find a vulnerability
Search criteria
12 vulnerabilities found for Fortinet FortiPortal by Fortinet, Inc.
CVE-2017-7342 (GCVE-0-2017-7342)
Vulnerability from nvd – Published: 2019-03-25 21:05 – Updated: 2024-10-25 14:31
VLAI
Summary
A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Password
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://fortiguard.com/psirt/FG-IR-17-114 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet, Inc. | Fortinet FortiPortal |
Affected:
FortiPortal versions 4.0.0 and below
|
Date Public
2017-05-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-7342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T20:11:04.164564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:31:01.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiPortal",
"vendor": "Fortinet, Inc.",
"versions": [
{
"status": "affected",
"version": "FortiPortal versions 4.0.0 and below"
}
]
}
],
"datePublic": "2017-05-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Password",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-25T21:05:27.000Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2017-7342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiPortal",
"version": {
"version_data": [
{
"version_value": "FortiPortal versions 4.0.0 and below"
}
]
}
}
]
},
"vendor_name": "Fortinet, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-17-114",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2017-7342",
"datePublished": "2019-03-25T21:05:27.000Z",
"dateReserved": "2017-03-30T00:00:00.000Z",
"dateUpdated": "2024-10-25T14:31:01.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7731 (GCVE-0-2017-7731)
Vulnerability from nvd – Published: 2017-05-26 22:00 – Updated: 2024-10-25 14:34
VLAI
Summary
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Information disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://fortiguard.com/psirt/FG-IR-17-114 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet, Inc. | Fortinet FortiPortal |
Affected:
FortiPortal versions 4.0.0 and below
|
Date Public
2017-05-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:28.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-7731",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T20:10:04.644674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:34:19.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiPortal",
"vendor": "Fortinet, Inc.",
"versions": [
{
"status": "affected",
"version": "FortiPortal versions 4.0.0 and below"
}
]
}
],
"datePublic": "2017-05-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-26T21:57:01.000Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2017-7731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiPortal",
"version": {
"version_data": [
{
"version_value": "FortiPortal versions 4.0.0 and below"
}
]
}
}
]
},
"vendor_name": "Fortinet, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-17-114",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2017-7731",
"datePublished": "2017-05-26T22:00:00.000Z",
"dateReserved": "2017-04-12T00:00:00.000Z",
"dateUpdated": "2024-10-25T14:34:19.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7343 (GCVE-0-2017-7343)
Vulnerability from nvd – Published: 2017-05-26 22:00 – Updated: 2024-10-25 14:13
VLAI
Summary
An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Execution of unauthorized code or commands
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://fortiguard.com/psirt/FG-IR-17-114 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet, Inc. | Fortinet FortiPortal |
Affected:
FortiPortal 4.0.0 and below
|
Date Public
2017-05-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-7343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:00:47.694564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:13:26.293Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiPortal",
"vendor": "Fortinet, Inc.",
"versions": [
{
"status": "affected",
"version": "FortiPortal 4.0.0 and below"
}
]
}
],
"datePublic": "2017-05-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Execution of unauthorized code or commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-26T21:57:01.000Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2017-7343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiPortal",
"version": {
"version_data": [
{
"version_value": "FortiPortal 4.0.0 and below"
}
]
}
}
]
},
"vendor_name": "Fortinet, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execution of unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-17-114",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2017-7343",
"datePublished": "2017-05-26T22:00:00.000Z",
"dateReserved": "2017-03-30T00:00:00.000Z",
"dateUpdated": "2024-10-25T14:13:26.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7339 (GCVE-0-2017-7339)
Vulnerability from nvd – Published: 2017-05-26 22:00 – Updated: 2024-10-25 14:13
VLAI
Summary
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Execution of unauthorized code or commands
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://fortiguard.com/psirt/FG-IR-17-114 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet, Inc. | Fortinet FortiPortal |
Affected:
FortiPortal versions 4.0.0 and below
|
Date Public
2017-05-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-7339",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:00:49.246157Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:13:38.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiPortal",
"vendor": "Fortinet, Inc.",
"versions": [
{
"status": "affected",
"version": "FortiPortal versions 4.0.0 and below"
}
]
}
],
"datePublic": "2017-05-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the \u0027Name\u0027 and \u0027Description\u0027 inputs in the \u0027Add Revision Backup\u0027 functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Execution of unauthorized code or commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-26T21:57:01.000Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2017-7339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiPortal",
"version": {
"version_data": [
{
"version_value": "FortiPortal versions 4.0.0 and below"
}
]
}
}
]
},
"vendor_name": "Fortinet, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the \u0027Name\u0027 and \u0027Description\u0027 inputs in the \u0027Add Revision Backup\u0027 functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execution of unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-17-114",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2017-7339",
"datePublished": "2017-05-26T22:00:00.000Z",
"dateReserved": "2017-03-30T00:00:00.000Z",
"dateUpdated": "2024-10-25T14:13:38.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7338 (GCVE-0-2017-7338)
Vulnerability from nvd – Published: 2017-05-26 22:00 – Updated: 2024-10-25 14:34
VLAI
Summary
A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Information disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://fortiguard.com/psirt/FG-IR-17-114 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet, Inc. | Fortinet FortiPortal |
Affected:
FortiPortal versions 4.0.0 and below
|
Date Public
2017-05-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-7338",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T20:10:05.900034Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:34:32.389Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiPortal",
"vendor": "Fortinet, Inc.",
"versions": [
{
"status": "affected",
"version": "FortiPortal versions 4.0.0 and below"
}
]
}
],
"datePublic": "2017-05-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-26T21:57:01.000Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2017-7338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiPortal",
"version": {
"version_data": [
{
"version_value": "FortiPortal versions 4.0.0 and below"
}
]
}
}
]
},
"vendor_name": "Fortinet, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-17-114",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2017-7338",
"datePublished": "2017-05-26T22:00:00.000Z",
"dateReserved": "2017-03-30T00:00:00.000Z",
"dateUpdated": "2024-10-25T14:34:32.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7337 (GCVE-0-2017-7337)
Vulnerability from nvd – Published: 2017-05-26 22:00 – Updated: 2024-10-25 14:34
VLAI
Summary
An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://fortiguard.com/psirt/FG-IR-17-114 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet, Inc. | Fortinet FortiPortal |
Affected:
FortiPortal versions 4.0.0 and below
|
Date Public
2017-05-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-7337",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T20:11:12.617419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:34:44.413Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiPortal",
"vendor": "Fortinet, Inc.",
"versions": [
{
"status": "affected",
"version": "FortiPortal versions 4.0.0 and below"
}
]
}
],
"datePublic": "2017-05-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user\u0027s stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-26T21:57:01.000Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2017-7337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiPortal",
"version": {
"version_data": [
{
"version_value": "FortiPortal versions 4.0.0 and below"
}
]
}
}
]
},
"vendor_name": "Fortinet, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user\u0027s stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-17-114",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2017-7337",
"datePublished": "2017-05-26T22:00:00.000Z",
"dateReserved": "2017-03-30T00:00:00.000Z",
"dateUpdated": "2024-10-25T14:34:44.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7342 (GCVE-0-2017-7342)
Vulnerability from cvelistv5 – Published: 2019-03-25 21:05 – Updated: 2024-10-25 14:31
VLAI
Summary
A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Password
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://fortiguard.com/psirt/FG-IR-17-114 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet, Inc. | Fortinet FortiPortal |
Affected:
FortiPortal versions 4.0.0 and below
|
Date Public
2017-05-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-7342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T20:11:04.164564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:31:01.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiPortal",
"vendor": "Fortinet, Inc.",
"versions": [
{
"status": "affected",
"version": "FortiPortal versions 4.0.0 and below"
}
]
}
],
"datePublic": "2017-05-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Password",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-25T21:05:27.000Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2017-7342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiPortal",
"version": {
"version_data": [
{
"version_value": "FortiPortal versions 4.0.0 and below"
}
]
}
}
]
},
"vendor_name": "Fortinet, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-17-114",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2017-7342",
"datePublished": "2019-03-25T21:05:27.000Z",
"dateReserved": "2017-03-30T00:00:00.000Z",
"dateUpdated": "2024-10-25T14:31:01.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7343 (GCVE-0-2017-7343)
Vulnerability from cvelistv5 – Published: 2017-05-26 22:00 – Updated: 2024-10-25 14:13
VLAI
Summary
An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Execution of unauthorized code or commands
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://fortiguard.com/psirt/FG-IR-17-114 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet, Inc. | Fortinet FortiPortal |
Affected:
FortiPortal 4.0.0 and below
|
Date Public
2017-05-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-7343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:00:47.694564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:13:26.293Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiPortal",
"vendor": "Fortinet, Inc.",
"versions": [
{
"status": "affected",
"version": "FortiPortal 4.0.0 and below"
}
]
}
],
"datePublic": "2017-05-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Execution of unauthorized code or commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-26T21:57:01.000Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2017-7343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiPortal",
"version": {
"version_data": [
{
"version_value": "FortiPortal 4.0.0 and below"
}
]
}
}
]
},
"vendor_name": "Fortinet, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execution of unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-17-114",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2017-7343",
"datePublished": "2017-05-26T22:00:00.000Z",
"dateReserved": "2017-03-30T00:00:00.000Z",
"dateUpdated": "2024-10-25T14:13:26.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7339 (GCVE-0-2017-7339)
Vulnerability from cvelistv5 – Published: 2017-05-26 22:00 – Updated: 2024-10-25 14:13
VLAI
Summary
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Execution of unauthorized code or commands
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://fortiguard.com/psirt/FG-IR-17-114 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet, Inc. | Fortinet FortiPortal |
Affected:
FortiPortal versions 4.0.0 and below
|
Date Public
2017-05-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-7339",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:00:49.246157Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:13:38.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiPortal",
"vendor": "Fortinet, Inc.",
"versions": [
{
"status": "affected",
"version": "FortiPortal versions 4.0.0 and below"
}
]
}
],
"datePublic": "2017-05-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the \u0027Name\u0027 and \u0027Description\u0027 inputs in the \u0027Add Revision Backup\u0027 functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Execution of unauthorized code or commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-26T21:57:01.000Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2017-7339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiPortal",
"version": {
"version_data": [
{
"version_value": "FortiPortal versions 4.0.0 and below"
}
]
}
}
]
},
"vendor_name": "Fortinet, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the \u0027Name\u0027 and \u0027Description\u0027 inputs in the \u0027Add Revision Backup\u0027 functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execution of unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-17-114",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2017-7339",
"datePublished": "2017-05-26T22:00:00.000Z",
"dateReserved": "2017-03-30T00:00:00.000Z",
"dateUpdated": "2024-10-25T14:13:38.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7337 (GCVE-0-2017-7337)
Vulnerability from cvelistv5 – Published: 2017-05-26 22:00 – Updated: 2024-10-25 14:34
VLAI
Summary
An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://fortiguard.com/psirt/FG-IR-17-114 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet, Inc. | Fortinet FortiPortal |
Affected:
FortiPortal versions 4.0.0 and below
|
Date Public
2017-05-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-7337",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T20:11:12.617419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:34:44.413Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiPortal",
"vendor": "Fortinet, Inc.",
"versions": [
{
"status": "affected",
"version": "FortiPortal versions 4.0.0 and below"
}
]
}
],
"datePublic": "2017-05-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user\u0027s stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-26T21:57:01.000Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2017-7337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiPortal",
"version": {
"version_data": [
{
"version_value": "FortiPortal versions 4.0.0 and below"
}
]
}
}
]
},
"vendor_name": "Fortinet, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user\u0027s stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-17-114",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2017-7337",
"datePublished": "2017-05-26T22:00:00.000Z",
"dateReserved": "2017-03-30T00:00:00.000Z",
"dateUpdated": "2024-10-25T14:34:44.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7731 (GCVE-0-2017-7731)
Vulnerability from cvelistv5 – Published: 2017-05-26 22:00 – Updated: 2024-10-25 14:34
VLAI
Summary
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Information disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://fortiguard.com/psirt/FG-IR-17-114 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet, Inc. | Fortinet FortiPortal |
Affected:
FortiPortal versions 4.0.0 and below
|
Date Public
2017-05-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:28.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-7731",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T20:10:04.644674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:34:19.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiPortal",
"vendor": "Fortinet, Inc.",
"versions": [
{
"status": "affected",
"version": "FortiPortal versions 4.0.0 and below"
}
]
}
],
"datePublic": "2017-05-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-26T21:57:01.000Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2017-7731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiPortal",
"version": {
"version_data": [
{
"version_value": "FortiPortal versions 4.0.0 and below"
}
]
}
}
]
},
"vendor_name": "Fortinet, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-17-114",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2017-7731",
"datePublished": "2017-05-26T22:00:00.000Z",
"dateReserved": "2017-04-12T00:00:00.000Z",
"dateUpdated": "2024-10-25T14:34:19.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7338 (GCVE-0-2017-7338)
Vulnerability from cvelistv5 – Published: 2017-05-26 22:00 – Updated: 2024-10-25 14:34
VLAI
Summary
A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Information disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://fortiguard.com/psirt/FG-IR-17-114 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet, Inc. | Fortinet FortiPortal |
Affected:
FortiPortal versions 4.0.0 and below
|
Date Public
2017-05-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-7338",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T20:10:05.900034Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:34:32.389Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiPortal",
"vendor": "Fortinet, Inc.",
"versions": [
{
"status": "affected",
"version": "FortiPortal versions 4.0.0 and below"
}
]
}
],
"datePublic": "2017-05-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-26T21:57:01.000Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2017-7338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiPortal",
"version": {
"version_data": [
{
"version_value": "FortiPortal versions 4.0.0 and below"
}
]
}
}
]
},
"vendor_name": "Fortinet, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-17-114",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2017-7338",
"datePublished": "2017-05-26T22:00:00.000Z",
"dateReserved": "2017-03-30T00:00:00.000Z",
"dateUpdated": "2024-10-25T14:34:32.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}