CVE-2021-26099
published 2021-07-12CVE-2021-26099: Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in possession of the encrypted…
medium4.9CVSS 3.1
AVNACLPRHUINSUCHINAN
Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortimail | — | — |
| fortinet | fortimail | >= 5.0 < 7.0.0 | 7.0.0 |
| fortinet | fortinet_fortimail | — | — |