Fortinet FortiPortal Sensitive Information Log Exposure Vulnerability

Vulnerability

A vulnerability exists in Fortinet FortiPortal in versions 7.4.0, 7.2.0 through 7.2.5, and 7.0.0 through 7.0.9, allowing an authenticated attacker with read-only admin permissions to access encrypted secrets through the FortiPortal System Log. This issue arises from the improper handling of sensitive information, which is inadvertently logged and can be viewed by users with the appropriate permissions.

Impact

Exploitation of this vulnerability could lead to unauthorized access to encrypted sensitive information, potentially allowing for further attacks or exploitation.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

4.9

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

4.9

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Fortinet FortiPortal Sensitive Information Log Exposure Vulnerability

Vulnerability

Impact

Affected Products

Fortinet FortiPortal

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating