How severe is CVE-2023-36556?

CVE-2023-36556 has a CVSS v3 score of 8.8 (HIGH).

CVE-2023-36556

Name: fortimail
Author: fortinet

8.8HIGH

An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other user

发布于: 10/10/2023更新于: 11/21/2024

描述

An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from the same web domain via crafted HTTP or HTTPs requests.

AI分析AI驱动

受影响产品

fortinetfortimail

7.2.0

fortinetfortimail

7.2.1

fortinetfortimail

7.2.2

参考资料

https://fortiguard.com/psirt/FG-IR-23-202
Vendor Advisory
https://fortiguard.com/psirt/FG-IR-23-202
Vendor Advisory