CVE-2023-48783

Summary

CVE-2023-48783 is an Authorization Bypass Through User-Controlled Key vulnerability that affects versions 7.2.1 and below of PortiPortal, along with versions 7.0.6 and below, 6.0.14 and below, and 5.3.8 and below. This vulnerability may allow a remote authenticated user with read-only permissions to access other organization endpoints through crafted GET requests. The vulnerability has a risk score of 25 and a base severity rating of MEDIUM. The potential danger it poses to an organization includes low integrity and confidentiality impact, along with no availability impact. The affected products include qXFuIf, phEc6f, phEc6e, phEc6d, uLE7Hf, kasaj_, phEc6c, qLMEp2, qLMEp3, qLMEp1, jcVAiI, jcVAiE, jcVAiF, jcVAiG, jcVAiH, jcVAiA, jcVAiB, jcVAiC, jcVAiD, jcVAh8, jcVAh9, jcVAh-, jcVAh_, t1jDxk , kasakA , uLE7Hg , uLE7Hh , uLE7Hi , phEc6g , uLE7Hj , uLE7Hk , and uLE7Hl.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.