PT-2024-19041 · Fortinet · Fortiportal

Published 2024-03-12 · Updated 2024-03-21 · CVE-2024-21761

CVSS v3.1: 4.3 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FortiPortal versions 7.0.6 and below
FortiPortal version 7.2.0

Description

An improper authorization issue in FortiPortal may allow a user to download other organizations' reports by modifying the request payload, giving that user access to data they are not authorized to see.

Recommendations

For FortiPortal versions 7.0.6 and below, update to a version above 7.0.6 to resolve the issue.
For FortiPortal version 7.2.0, update to a version above 7.2.0 to resolve the issue.
As a temporary workaround, consider restricting access to the report download functionality to minimize the risk of exploitation.

Fix

Weakness Enumeration: Improper Authorization

Related Identifiers: CVE-2024-21761

Affected Products: Fortiportal