An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request.

Related CVEs

CVE-2017-7337

Key Information

GHSA ID

GHSA-qwv8-9h62-365r

Published

May 13, 2022 1:46 AM

Last Modified

May 13, 2022 1:46 AM

CVSS Score

9.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: November 26, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.