FortiPortal - Authentication bypass and remote code execution as root
A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application archive files using the default hard-coded Tomcat Manager username and password.
FortiPortal versions 5.2.5 and below.
FortiPortal versions 5.3.5 and below.
FortiPortal versions 6.0.4 and below.
Please upgrade to FortiPortal version 5.2.6 or above.
Please upgrade to FortiPortal version 5.3.6 or above.
Please upgrade to FortiPortal version 6.0.5 or above.
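To check whether the Tomcat Manager interface described above has already been used to deploy an archive, the following added example (not part of the advisory and not Fortinet code) scans a Tomcat access log for Manager upload and deploy requests and classifies each by outcome and source. It assumes the log uses Tomcat's common pattern (`%h %l %u %t "%r" %s %b`); the `admin_hosts` allow-list is a hypothetical parameter and the sample lines are constructed.

```python
import re

# Tomcat "common" access-log layout: %h %l %u %t "%r" %s %b (assumed format).
LINE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
# Tomcat Manager endpoints that upload or deploy a web application archive.
DEPLOY = re.compile(r'^/manager/(?:html/(?:upload|deploy)|text/deploy)(?:[;?]|$)')


def find_manager_deploys(lines, admin_hosts=frozenset()):
    """Return one finding per Manager deployment request seen in the log."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LINE.match(line)
        if not m or not DEPLOY.match(m["uri"]):
            continue
        status = int(m["status"])
        if status in (401, 403):
            verdict = "rejected"                    # credentials refused
        elif status >= 400:
            verdict = "failed"                      # request errored out
        elif m["host"] in admin_hosts:
            verdict = "accepted-from-admin-host"
        else:
            verdict = "accepted-unexpected-source"  # investigate first
        findings.append({"line": lineno, "host": m["host"], "user": m["user"],
                         "time": m["ts"], "request": f'{m["method"]} {m["uri"]}',
                         "status": status, "verdict": verdict})
    return findings


# Constructed sample lines (documentation address ranges, made-up user name).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:01:02 +0000] "GET / HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2024:10:05:41 +0000] "GET /manager/html HTTP/1.1" 401 2473',
    '203.0.113.7 - mgr [01/Jan/2024:10:05:44 +0000] "PUT /manager/text/deploy?path=/x HTTP/1.1" 200 58',
    '198.51.100.5 - mgr [01/Jan/2024:11:00:00 +0000] "POST /manager/html/upload?org.apache.catalina.filters.CSRF_NONCE=AB12 HTTP/1.1" 200 17002',
    '203.0.113.9 - - [01/Jan/2024:11:30:00 +0000] "PUT /manager/text/deploy?path=/y HTTP/1.1" 401 2473',
]

if __name__ == "__main__":
    for finding in find_manager_deploys(SAMPLE, admin_hosts={"198.51.100.5"}):
        print(finding)
```

Any `accepted-unexpected-source` finding on an affected version warrants reviewing the deployed web applications before and after upgrading.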