CVE-2017-7337

An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request.
References
Link Resource
https://fortiguard.com/psirt/FG-IR-17-114 Vendor Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*

Information

Published : 2017-05-26 17:29

Updated : 2019-10-02 17:03


NVD link : CVE-2017-7337

Mitre link : CVE-2017-7337


JSON object : View

CWE
CWE-732

Incorrect Permission Assignment for Critical Resource

Advertisement

dedicated server usa

Products Affected

fortinet

  • fortiportal