CVE-2022-29056
published 2023-03-09
medium 5.3 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory by sending numerous HTTP requests to the login form.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortiauthenticator | — | — |
| fortinet | fortideceptor | — | — |
| fortinet | fortimail | — | — |
| fortinet | fortimail | — | — |
| fortinet | fortimail | 5.4.0 – 5.4.12 | — |
| fortinet | fortimail | >= 6.0.0 < 6.0.10 | 6.0.10 |
| fortinet | fortimail | 6.0.0 – 6.0.9 | — |
| fortinet | fortimail | >= 6.2.1 < 6.2.5 | 6.2.5 |
| fortinet | fortimail | 6.2.1 – 6.2.4 | — |
| fortinet | fortinet | — | — |