CVE-2023-36556

July 4, 2025 invoker category_cve

CVE Details

Basic Information

Title CVE-2023-36556
Type cve
Published 2023-10-10T16:49:50.906Z
Modified 2024-10-22T20:57:57.262Z

Product Information

Vendor Fortinet
Product FortiMail
Version 7.2.0

CVSS Information

Base Score 8.6 (HIGH)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C

Affected Products

  • Fortinet FortiMail 7.2.0
  • Fortinet FortiMail 7.0.0
  • Fortinet FortiMail 6.4.0
  • Fortinet FortiMail 6.2.0
  • Fortinet FortiMail 6.0.0

Additional Information

CWE List CWE-863
Source fortinet

Description

An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from the same web domain via crafted HTTP or HTTPs requests.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.