CVE-2023-36633
published 2023-11-14CVE-2023-36633: An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and…
medium5.4CVSS 3.1
AVNACLPRLUINSUCLILAN
An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortimail | — | — |
| fortinet | fortimail | >= 6.0.0 < 7.0.6 | 7.0.6 |
| fortinet | fortimail | 6.0.0 – 6.0.12 | — |
| fortinet | fortimail | 6.2.0 – 6.2.9 | — |
| fortinet | fortimail | 6.4.0 – 6.4.8 | — |
| fortinet | fortimail | 7.0.0 – 7.0.5 | — |
| fortinet | fortimail | >= 7.2.0 < 7.2.3 | 7.2.3 |
| fortinet | fortimail | 7.2.0 – 7.2.2 | — |