Fortimail Security Vulnerabilities and Issues — Fortimail CVE List

Lucene search

FortinetFortimail

11 matches found

CVE•added 2021/07/09 7:15 p.m.•77 views

CVE-2021-24007

Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

9.8CVSS9.8AI score0.00707EPSS

CVE•added 2021/07/09 7:15 p.m.•72 views

CVE-2021-24020

A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification.

9.8CVSS9.4AI score0.00171EPSS

CVE•added 2021/07/09 7:15 p.m.•72 views

CVE-2021-26100

A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible.

7.5CVSS7.4AI score0.00109EPSS

CVE•added 2021/07/09 7:15 p.m.•66 views

CVE-2021-22129

Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafte...

8.8CVSS8.9AI score0.00452EPSS

CVE•added 2021/12/08 11:15 a.m.•62 views

CVE-2021-42757

A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.

6.7CVSS6.9AI score0.00082EPSS

CVE•added 2021/12/08 12:15 p.m.•51 views

CVE-2021-32591

A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confident...

5.3CVSS5.2AI score0.00167EPSS

CVE•added 2021/07/12 2:15 p.m.•40 views

CVE-2021-24015

An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests.

8.8CVSS8.7AI score0.00313EPSS

CVE•added 2021/07/12 1:15 p.m.•37 views

CVE-2021-26090

A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests.

7.5CVSS7.5AI score0.00424EPSS

CVE•added 2021/07/12 10:15 a.m.•33 views

CVE-2021-26099

Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext.

4.9CVSS5AI score0.00159EPSS

CVE•added 2021/07/12 2:15 p.m.•31 views

CVE-2021-24013

Multiple Path traversal vulnerabilities in the Webmail of FortiMail before 6.4.4 may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests.

8.8CVSS6.5AI score0.00386EPSS

CVE•added 2021/07/20 11:15 a.m.•31 views

CVE-2021-26095

The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and alter or forge its co...

8.8CVSS8.7AI score0.00306EPSS