all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Client-side enforcement of server-side security related to customer reports features

Add to bookmarks
May 14, 2024, 7 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

Client-side enforcement of server-side security vulnerability [CWE-602] in FortiPortal may allow an authenticated attacker with a customer account to access other customers information via crafted HTTP requests.

access account attacker client client-side customer customers cwe enforcement features http http requests information may reports requests security security vulnerability server vulnerability

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiOS/FortiProxy - XSS in reboot page 2 weeks, 1 day ago | fortiguard.fortinet.com
access admin attacker code +18
Stack buffer overflow on bluetooth write feature 2 weeks, 1 day ago | fortiguard.fortinet.com
arbitrary code arbitrary code execution attacker bluetooth +14
Blind SQL Injection 2 weeks, 1 day ago | fortiguard.fortinet.com
blind command cwe download +8
Buffer overflow in fgfmd 2 weeks, 1 day ago | fortiguard.fortinet.com
arbitrary code attacker buffer buffer overflow +15
FortiSOAR is vulnerable to sql injection in Event Auth API via uuid parameter 2 weeks, 1 day ago | fortiguard.fortinet.com
api attacker auth code +14
Multiple buffer overflows in diag npu command 2 weeks, 1 day ago | fortiguard.fortinet.com
attacker buffer buffer overflow buffer overflows +14
TunnelVision - CVE-2024-3661 2 weeks, 1 day ago | fortiguard.fortinet.com
attack attacker aware bypass +18
Weak key derivation for backup file 2 weeks, 1 day ago | fortiguard.fortinet.com
access admin attacker backup +14
Buffer overflow in administrative interface 1 month, 1 week ago | fortiguard.fortinet.com
arbitrary code attacker buffer buffer overflow +13

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Technology Specialist I: Windows Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, California
View on infosec-jobs.com

Information Technology Specialist I, LACERA: Information Security Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA
View on infosec-jobs.com

Vice President, Controls Design & Development-7

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com

Vice President, Controls Design & Development-5

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com

Data Scientist & AI Prompt Engineer

@ Varonis | Israel
View on infosec-jobs.com

Contractor

@ Birlasoft | INDIA - MUMBAI - BIRLASOFT OFFICE, IN
View on infosec-jobs.com