2 matches found
CVE-2021-26095
The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and alter or forge its...
CVE-2021-26095
FortiMail is affected by cryptographic issues in the session management cookie for FortiMail 6.2.0–6.2.6 and 6.4.0–6.4.4. The vulnerability allows a remote attacker who already holds a valid cookie to reveal, alter, or forge its content, potentially escalating privileges. Remediation per Fortinet...