FortiPortal Multiple Vulnerabilities Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-17-114 Final 1 1 2017-05-15T00:00:00 Current version 2017-05-15T00:00:00 2017-05-15T00:00:00 Multiple vulnerabilities impacting FortiPortal were disclosed to Fortinet with details as follows:CVE-2017-7337: Improper Access Control allows a user to potentially view firewall policies and objects from a VDOM s/he is not authorized to, enumerate other customer ADOMs and view other customers' dataCVE-2017-7338: Application returns password hashes, and passwords for associated FortiAnalyzer devices via the UICVE-2017-7339: Persistent XSS via the 'Name' and 'Description' fields in the pop-up to add Revision Backups as a customerCVE-2017-7340: Reflected XSS via the 'applicationSearch' parameter in the 'View' tabCVE-2017-7342: Weak password Policy allows a user to bypass the enforced password change post a password recovery requestCVE-2017-7343: Open Redirect via the 'url' parameterCVE-2017-7731: User Enumeration through Forgotten Password due to difference in responses for when an email address exists in the system and when one doesn't Information disclosure FortiPortal versions 4.0.0 and below Upgrade to FortiPortal version 4.0.1 Fortinet is pleased to thank David Tredger, Senior Security Consultant, Aura Information Security for reporting this vulnerability under Responsible Disclosure. CVE-2017-7337 CVE-2017-7338 CVE-2017-7339 CVE-2017-7340 CVE-2017-7342 CVE-2017-7343 CVE-2017-7731 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L/E:U/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-17-114 FortiPortal Multiple Vulnerabilities Reference>