Lucene search

K

6 matches found

CVE
CVE
added 2023/03/09 3:15 p.m.67 views

CVE-2022-29056

A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.

5.3CVSS5.4AI score0.06948EPSS
CVE
CVE
added 2023/12/13 7:15 a.m.66 views

CVE-2022-27488

A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6...

8.8CVSS8.8AI score0.00442EPSS
CVE
CVE
added 2023/11/14 6:15 p.m.48 views

CVE-2023-45582

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7.2.0 through 7.2.4, 7.0.0 through 7.0.6 and before 6.4.8 may allow an unauthenticated attacker to perform a brute force attack on the affected endpoints via repeated login attempts.

7.3CVSS7.3AI score0.00206EPSS
CVE
CVE
added 2023/11/14 6:15 p.m.35 views

CVE-2023-36633

An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests.

5.4CVSS5.4AI score0.00197EPSS
CVE
CVE
added 2023/10/10 5:15 p.m.31 views

CVE-2023-36556

An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from the same web domain via crafted HTTP or HTTPs requests.

8.8CVSS8.4AI score0.00275EPSS
CVE
CVE
added 2023/10/10 5:15 p.m.24 views

CVE-2023-36637

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail's calendar via input fields.

5.4CVSS5.3AI score0.0027EPSS