FortiPortal - Improper thread synchronization for database operations
Summary
A race condition vulnerability (concurrent execution using a shared resource with improper synchronization) [CWE-362] in the customer database interface of FortiPortal may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific coordination of web requests.
Affected Products
FortiPortal version 6.0.5 and below.
FortiPortal version 5.3.6 and below.
FortiPortal version 5.2.6 and below.
FortiPortal version 5.1.2 and below.
FortiPortal version 5.0.3 and below.
FortiPortal version 4.2.2 and below.
FortiPortal version 4.1.2 and below.
FortiPortal version 4.0.2 and below.
Solutions
Upgrade to FortiPortal version 6.0.6 or above.