Fortimail@7.2.0 Security Vulnerabilities and Issues — Fortimail@7.2.0 CVE List

Lucene search

FortinetFortimail7.2.0

3 matches found

CVE•added 2022/11/02 12:15 p.m.•45 views

CVE-2022-39945

An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a specific domain to access and modify other domains information via insecure direct object references (...

6.5CVSS6.2AI score0.00108EPSS

CVE•added 2023/10/10 5:15 p.m.•31 views

CVE-2023-36556

An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from the same web domain via crafted HTTP or HTTPs requests.

8.8CVSS8.4AI score0.00275EPSS

CVE•added 2023/10/10 5:15 p.m.•24 views

CVE-2023-36637

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail's calendar via input fields.

5.4CVSS5.3AI score0.0027EPSS