An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-23-203 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
20 Nov 2023, 18:42
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
First Time |
Fortinet
Fortinet fortimail |
|
CPE | cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:* | |
CWE | CWE-732 | |
References | () https://fortiguard.com/psirt/FG-IR-23-203 - Vendor Advisory |
14 Nov 2023, 18:51
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-14 18:15
Updated : 2023-12-10 15:26
NVD link : CVE-2023-36633
Mitre link : CVE-2023-36633
CVE.ORG link : CVE-2023-36633
JSON object : View
Products Affected
fortinet
- fortimail