CVE-2024-40590
Gravedad CVSS v3.1:
MEDIA
Tipo:
CWE-295
Validación incorrecta de certificados
Fecha de publicación:
14/03/2025
Última modificación:
14/03/2025
Descripción
*** Pendiente de traducción *** An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a Man-in-the-Middle position to intercept on and tamper with the encrypted communication channel established between the FortiPortal and those endpoints.
Impacto
Puntuación base 3.x
4.80
Gravedad 3.x
MEDIA