Fortimail Security Vulnerabilities and Issues — Fortimail CVE List

Lucene search

FortinetFortimail

8 matches found

CVE•added 2025/03/31 3:15 p.m.•72 views

CVE-2023-33302

A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail...

8.8CVSS7.8AI score0.00102EPSS

CVE•added 2021/07/09 7:15 p.m.•66 views

CVE-2021-22129

Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafte...

8.8CVSS8.9AI score0.00452EPSS

CVE•added 2023/12/13 7:15 a.m.•66 views

CVE-2022-27488

A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6...

8.8CVSS8.8AI score0.00442EPSS

CVE•added 2022/11/02 12:15 p.m.•61 views

CVE-2022-26122

An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64.

8.6CVSS8.5AI score0.00105EPSS

CVE•added 2021/07/12 2:15 p.m.•40 views

CVE-2021-24015

An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests.

8.8CVSS8.7AI score0.00313EPSS

CVE•added 2021/07/12 2:15 p.m.•31 views

CVE-2021-24013

Multiple Path traversal vulnerabilities in the Webmail of FortiMail before 6.4.4 may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests.

8.8CVSS6.5AI score0.00386EPSS

CVE•added 2021/07/20 11:15 a.m.•31 views

CVE-2021-26095

The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and alter or forge its co...

8.8CVSS8.7AI score0.00306EPSS

CVE•added 2023/10/10 5:15 p.m.•31 views

CVE-2023-36556

An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from the same web domain via crafted HTTP or HTTPs requests.

8.8CVSS8.4AI score0.00275EPSS