Authorizations Bypass in the FortiPresence portal parameters
Summary
Two authorization bypass through user-controlled key vulnerabilities in the FortiPresence administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters.
Affected Products
FortiPresence 2.1.0 and below
Solutions
Please upgrade to FortiPresence 20.1 or above.
Starting in 2020, FortiPresence will employ a new version syntax.
Acknowledgement
Fortinet is pleased to thank SI9INT for reporting this vulnerability under responsible disclosure.