CVE-2023-36556

Summary

An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from the same web domain via crafted HTTP or HTTPs requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiMail7.2.0 <= 7.2.2affected
FortinetFortiMail7.0.0 <= 7.0.5affected
FortinetFortiMail6.4.0 <= 6.4.7affected
FortinetFortiMail6.2.0 <= 6.2.9affected
FortinetFortiMail6.0.0 <= 6.0.12affected

Weaknesses

  • CWE-863: Escalation of privilege

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References