Fortimail Security Vulnerabilities and Issues — Fortimail CVE List

Lucene search

FortinetFortimail

8 matches found

CVE•added 2022/08/05 8:15 p.m.•112 views

CVE-2022-22299

A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 throu...

7.8CVSS7.8AI score0.00133EPSS

CVE•added 2022/03/01 6:15 p.m.•87 views

CVE-2021-36166

An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties.

9.8CVSS9.4AI score0.00503EPSS

CVE•added 2022/03/01 7:15 p.m.•84 views

CVE-2021-32586

An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests.

9.8CVSS9.4AI score0.00436EPSS

CVE•added 2022/02/02 11:15 a.m.•74 views

CVE-2021-43062

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to ...

6.1CVSS6.4AI score0.47917EPSS

CVE•added 2022/11/02 12:15 p.m.•62 views

CVE-2022-26122

An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64.

8.6CVSS8.5AI score0.00112EPSS

CVE•added 2022/11/02 12:15 p.m.•46 views

CVE-2022-39945

An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a specific domain to access and modify other domains information via insecure direct object references (...

6.5CVSS6.2AI score0.00144EPSS

CVE•added 2022/09/06 4:15 p.m.•44 views

CVE-2022-26114

An improper neutralization of input during web page generation vulnerability [CWE-79] in the Webmail of FortiMail before 7.2.0 may allow an unauthenticated attacker to trigger a cross-site scripting (XSS) attack via sending specially crafted mail messages.

6.1CVSS6AI score0.0083EPSS

CVE•added 2022/01/05 12:15 p.m.•41 views

CVE-2020-15933

A exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below FortiMail versions 6.4.1 and 6.4.0 allows attacker to obtain potentially sensitive software-version information via client-side resources inspection.

5.3CVSS5AI score0.00237EPSS