CVE-2023-48783

Medium

An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal version 7.2.1 and below, version 7.0.6…

fortinet·CWE-639·Published 2024-01-10

CVSS

5.4

EPSS

0.22

KEV

Exploits

cve.orgen

339 chars

An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access to other organization endpoints via crafted GET requests.

NVDen

339 chars

NVDes

411 chars

Una vulnerabilidad de omisión de autorización a través de clave controlada por el usuario [CWE-639] que afecta a PortiPortal versión 7.2.1 e inferior, versión 7.0.6 e inferior, versión 6.0.14 e inferior, versión 5.3.8 e inferior puede permitir que un usuario autenticado remotamente con al menos permisos de solo lectura para acceder a otros endpoints de la organización a través de solicitudes GET manipuladas.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
3.1	Primary	cve.org	4.9	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:X/RC:R