CVE-2023-36556
8.8HIGHAn incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other user
게시됨: 10/10/2023업데이트됨: 11/21/2024
설명
An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from the same web domain via crafted HTTP or HTTPs requests.
AI 분석AI 기반
영향받는 제품
fortinetfortimail
fortinetfortimail
fortinetfortimail
fortinetfortimail
fortinetfortimail
7.2.0
fortinetfortimail
7.2.1
fortinetfortimail
7.2.2
참조
- https://fortiguard.com/psirt/FG-IR-23-202Vendor Advisory
- https://fortiguard.com/psirt/FG-IR-23-202Vendor Advisory