A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the policy via bookmarks in the web portal.
FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.9
SolutionsPlease upgrade to FortiOS version 7.2.4 or above
Please upgrade to FortiOS version 7.0.11 or above