CVE-2023-36633

CWE-285CWE-732Incorrect Permission Assignment4 documents4 sources
Severity
5.4MEDIUM
EPSS
0.2%
top 58.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortimail
Timeline
PublishedNov 14

Description

An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

NVDfortinet/fortimail6.0.07.0.6+1
CVEListV5fortinet/fortimail7.2.07.2.2+4

🔴Vulnerability Details

2
CVEList
CVE-2023-36633: An improper authorization vulnerability [CWE-285] in FortiMail webmail version 72023-11-14
GHSA
GHSA-vgmj-g5qh-wr55: An improper authorization vulnerability [CWE-285] in FortiMail webmail version 72023-11-14

📋Vendor Advisories

1
Fortinet
An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allo...2023-11-14
CVE-2023-36633 (MEDIUM CVSS 5.4) | An improper authorization vulnerabi | cvebase.io