AnĀ improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a Man-in-the-Middle position to intercept on and tamper with the encrypted communication channel established between the FortiPortal and those endpoints.
The product does not validate, or incorrectly validates, a certificate.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Fortiportal | Fortinet | 6.0.0 (including) | 7.0.9 (excluding) |
Fortiportal | Fortinet | 7.2.0 (including) | 7.2.5 (excluding) |
Fortiportal | Fortinet | 7.4.0 (including) | 7.4.0 (including) |