CVE-2021-36166: An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication…

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties.

Affected

7 ranges

Vendor	Product	Version range	Fixed in
fortinet	fortimail	<= 5.4.12	—
fortinet	fortimail	—	—
fortinet	fortimail	—	—
fortinet	fortimail	>= 6.0.0 < 6.0.12	6.0.12
fortinet	fortimail	>= 6.2.0 < 6.2.8	6.2.8
fortinet	fortimail	>= 6.4.0 < 6.4.6	6.4.6
fortinet	fortinet_fortimail	—	—