A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal may allow a remote and unauthenticated attackerÂ to execute unauthorized commands as rootÂ by uploading and deployingÂ malicious web application archive files using theÂ default hard-coded Tomcat ManagerÂ username and password.Â
FortiPortal versions 5.2.5Â and below.Â
FortiPortal versions 5.3.5Â and below.
FortiPortal versions 6.0.4 and below.Â
Please upgrade to FortiPortal version 5.2.6Â or above.Â
Please upgrade to FortiPortal version 5.3.6Â or above.
Please upgrade to FortiPortal version 6.0.5 or above.Â