CVE-2023-36633

Summary

An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiMail7.2.0 <= 7.2.2affected
FortinetFortiMail7.0.0 <= 7.0.5affected
FortinetFortiMail6.4.0 <= 6.4.8affected
FortinetFortiMail6.2.0 <= 6.2.9affected
FortinetFortiMail6.0.0 <= 6.0.12affected

Weaknesses

  • CWE-285: Information disclosure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References