Two authorization bypass through user-controlled key vulnerabilities in the FortiPresence administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters.
FortiPresence 2.1.0 and below
Please upgrade to FortiPresence 20.1 or above.
Starting in 2020, FortiPresence will employ a new version syntax.
Fortinet is pleased to thank SI9INT for reporting this vulnerability under responsible disclosure.