An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFortinet Fortimail
APPFortinet≤ 5.4.106.0.0 – 6.0.76.2.0 – 6.2.2Fortinet Fortivoice
APPFortinet6.0.0 – 6.0.1
Powiązane podatności
Stack-based buffer overflow RCE w produktach Fortinet (FortiMail, FortiVoice i inne)
FortiMail: Pominięcie uwierzytelnienia admina przez RADIUS i remote_wildcard
An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently ...
Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4...
An improper neutralization of special elements used in an SQL Command ("SQL Injection&") vulnerability [CWE-89...