Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet fortimail vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2021-32586
An improper input validation vulnerability in the web server CGI facilities of FortiMail prior to 7.0.1 may allow an unauthenticated malicious user to alter the environment of the underlying script interpreter via specifically crafted HTTP requests.
Fortinet Fortimail
Fortinet Fortimail 7.0.0
7.5
CVSSv2
CVE-2021-36166
An improper authentication vulnerability in FortiMail prior to 7.0.1 may allow a remote malicious user to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties.
Fortinet Fortimail
Fortinet Fortimail 7.0.0
7.5
CVSSv2
CVE-2021-24020
A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 up to and including 6.4.4, and 6.2.0 up to and including 6.2.7 may allow an unauthenticated malicious user to tamper with signed URLs by appending further data which allows bypass o...
Fortinet Fortimail
7.5
CVSSv2
CVE-2021-24007
Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail prior to 6.4.4 may allow a non-authenticated malicious user to execute unauthorized code or commands via specifically crafted HTTP requests.
Fortinet Fortimail
7.5
CVSSv2
CVE-2020-9294
An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and previous versions and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated malicious user to access the system as a legitimate user by requesting a password change via the user inter...
Fortinet Fortimail
Fortinet Fortivoice
1 Metasploit module
6.5
CVSSv2
CVE-2021-26095
The combination of various cryptographic issues in the session management of FortiMail 6.4.0 up to and including 6.4.4 and 6.2.0 up to and including 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie t...
Fortinet Fortimail
6.5
CVSSv2
CVE-2021-24015
An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail prior to 6.4.4 may allow an authenticated malicious user to execute unauthorized commands via specifically crafted HTTP requests.
Fortinet Fortimail
6.5
CVSSv2
CVE-2021-22129
Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail prior to 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands vi...
Fortinet Fortimail
6.5
CVSSv2
CVE-2019-15712
An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access web console they should not be authorized for.
Fortinet Fortimail
Fortinet Fortimail 6.2.0
5
CVSSv2
CVE-2020-15933
A exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below FortiMail versions 6.4.1 and 6.4.0 allows malicious user to obtain potentially sensitive software-version information via client-side re...
Fortinet Fortimail
Fortinet Fortimail 6.2.0
Fortinet Fortimail 6.2.1
Fortinet Fortimail 6.2.2
Fortinet Fortimail 6.2.3
Fortinet Fortimail 6.2.4
Fortinet Fortimail 6.4.0
Fortinet Fortimail 6.4.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »