FortiPortal - Improper Authorization in reports download


An improper authorization vulnerability [CWE-285] in FortiPortal reports may allow a user to download other organizations reports via modification in the request payload.

Version Affected Solution
FortiPortal 7.2 7.2.0 Upgrade to 7.2.1 or above
FortiPortal 7.0 7.0.0 through 7.0.6 Upgrade to 7.0.7 or above


2024-02-27: Initial publication