CVE-2023-36633

CVSS 5.3 MEDIUMEPSS 0.5%CWE-285

An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:X/RC:C

Affected products

Fortinet · FortiMail

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://fortiguard.com/psirt/FG-IR-23-203