FortiManager - Access Control missing in P&O module assignment vulnerability
An improper authentication vulnerability CWE-287 in FortiManager may allow a standard user to assign or un-assign a global policy package via a POST request to flatui/json module...