An improper privilege management vulnerability [CWE-269] in FortiPortal may allow a remote and authenticated attacker to add users outside its initial IdP.
FortiPortal version 7.2.0 through 7.2.1
FortiPortal version 7.0.0 through 7.0.6
Please upgrade to FortiPortal version 7.2.2
Please upgrade to FortiPortal version 7.0.7
Acknowledgement
Internally discovered and reported by Gary Chung of Fortinet Burnaby FortiPortal team.
2023-12-19: Initial publication