CVE-2022-39945
published 2022-11-02CVE-2022-39945: An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an…
medium6.5CVSS 3.1
AVNACLPRHUINSUCHIHAN
An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a specific domain to access and modify other domains information via insecure direct object references (IDOR).
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortimail | — | — |
| fortinet | fortimail | — | — |
| fortinet | fortimail | 6.0.0 – 6.0.12 | — |
| fortinet | fortimail | 6.2.0 – 6.2.9 | — |
| fortinet | fortimail | 6.4.0 – 6.4.7 | — |
| fortinet | fortimail | 7.0.0 – 7.0.3 | — |
| fortinet | fortinet_fortimail | — | — |