CVE-2023-36556
8.8HIGHAn incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other user
Опубликовано: 10/10/2023Обновлено: 11/21/2024
Описание
An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from the same web domain via crafted HTTP or HTTPs requests.
ИИ-АнализНа базе ИИ
Затронутые продукты
fortinetfortimail
fortinetfortimail
fortinetfortimail
fortinetfortimail
fortinetfortimail
7.2.0
fortinetfortimail
7.2.1
fortinetfortimail
7.2.2
Ссылки
- https://fortiguard.com/psirt/FG-IR-23-202Vendor Advisory
- https://fortiguard.com/psirt/FG-IR-23-202Vendor Advisory