Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
FortinetFortimail6.0.0

16 matches found

CVE
CVEadded 2022/03/01 6:15 p.m.87 views

CVE-2021-36166

An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties.

9.8CVSS9.4AI score0.00503EPSS
CVE
CVEadded 2022/03/01 7:15 p.m.84 views

CVE-2021-32586

An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests.

9.8CVSS9.4AI score0.00436EPSS
CVE
CVEadded 2020/04/27 5:15 p.m.79 views

CVE-2020-9294

An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.

9.8CVSS9.6AI score0.80131EPSS
CVE
CVEadded 2025/03/31 3:15 p.m.73 views

CVE-2023-33302

A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail...

8.8CVSS7.8AI score0.00111EPSS
CVE
CVEadded 2023/03/09 3:15 p.m.71 views

CVE-2022-29056

A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.

5.3CVSS5.4AI score0.06948EPSS
CVE
CVEadded 2023/12/13 7:15 a.m.67 views

CVE-2022-27488

A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6...

8.8CVSS8.8AI score0.00442EPSS
CVE
CVEadded 2022/11/02 12:15 p.m.62 views

CVE-2022-26122

An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64.

8.6CVSS8.5AI score0.00112EPSS
CVE
CVEadded 2020/01/23 6:15 p.m.56 views

CVE-2019-15707

An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform system backup config download they should not be authorized for.

4.9CVSS5.6AI score0.00867EPSS
CVE
CVEadded 2020/01/23 6:15 p.m.54 views

CVE-2019-15712

An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access web console they should not be authorized for.

7.2CVSS6.9AI score0.00539EPSS
CVE
CVEadded 2025/03/28 11:15 a.m.53 views

CVE-2021-24008

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0, v...

5.3CVSS6.5AI score0.00074EPSS
CVE
CVEadded 2021/12/08 12:15 p.m.52 views

CVE-2021-32591

A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confident...

5.3CVSS5.2AI score0.00167EPSS
CVE
CVEadded 2022/11/02 12:15 p.m.46 views

CVE-2022-39945

An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a specific domain to access and modify other domains information via insecure direct object references (...

6.5CVSS6.2AI score0.00144EPSS
CVE
CVEadded 2021/07/12 2:15 p.m.41 views

CVE-2021-24015

An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests.

8.8CVSS8.7AI score0.00313EPSS
CVE
CVEadded 2023/11/14 6:15 p.m.36 views

CVE-2023-36633

An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests.

5.4CVSS5.4AI score0.00197EPSS
CVE
CVEadded 2021/07/12 2:15 p.m.32 views

CVE-2021-24013

Multiple Path traversal vulnerabilities in the Webmail of FortiMail before 6.4.4 may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests.

8.8CVSS6.5AI score0.00386EPSS
CVE
CVEadded 2023/10/10 5:15 p.m.32 views

CVE-2023-36556

An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from the same web domain via crafted HTTP or HTTPs requests.

8.8CVSS8.4AI score0.00275EPSS