CVE-2024-40590 – FortiPortal Certificate Validation Weakness

CVE ID : CVE-2024-40590

Published : March 14, 2025, 3:15 p.m. | 1 hour, 44 minutes ago

Description : An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a Man-in-the-Middle position to intercept on and tamper with the encrypted communication channel established between the FortiPortal and those endpoints.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-40590 – FortiPortal Certificate Validation Weakness