Vulmon
fortimail vulnerabilities and exploits
6.5
CVSSv3
CVE-2022-39945
An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, 7.0.0 up to and including 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a specific domain to access and modify other domains information via inse...
Fortinet Fortimail
Fortinet Fortimail 7.2.0
9.8
CVSSv3
CVE-2021-36166
An improper authentication vulnerability in FortiMail prior to 7.0.1 may allow a remote malicious user to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties.
Fortinet Fortimail
Fortinet Fortimail 7.0.0
9.8
CVSSv3
CVE-2021-32586
An improper input validation vulnerability in the web server CGI facilities of FortiMail prior to 7.0.1 may allow an unauthenticated malicious user to alter the environment of the underlying script interpreter via specifically crafted HTTP requests.
Fortinet Fortimail
Fortinet Fortimail 7.0.0
5.3
CVSSv3
CVE-2022-29056
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 up to and including 6.2.4 and prior to 6.0.9 allows a remote unauthenticated malicious user to partially exhaust CPU and memory via sending numer...
Fortinet Fortimail 6.4.0
Fortinet Fortimail
7.3
CVSSv3
CVE-2023-45582
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7.2.0 up to and including 7.2.4, 7.0.0 up to and including 7.0.6 and prior to 6.4.8 may allow an unauthenticated malicious user to perform a brute force attack on the...
Fortinet Fortimail
Fortinet Fortimail 7.4.0
8.8
CVSSv3
CVE-2021-26095
The combination of various cryptographic issues in the session management of FortiMail 6.4.0 up to and including 6.4.4 and 6.2.0 up to and including 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie t...
Fortinet Fortimail
9.8
CVSSv3
CVE-2021-24007
Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail prior to 6.4.4 may allow a non-authenticated malicious user to execute unauthorized code or commands via specifically crafted HTTP requests.
Fortinet Fortimail
7.5
CVSSv3
CVE-2021-26090
A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 up to and including 6.4.4 and 6.2.0 up to and including 6.2.6 may allow an unauthenticated remote malicious user to exhaust available memory via specifically crafted login req...
Fortinet Fortimail
7.5
CVSSv3
CVE-2021-26100
A missing cryptographic step in the Identity-Based Encryption service of FortiMail prior to 7.0.0 may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible.
Fortinet Fortimail
8.8
CVSSv3
CVE-2021-22129
Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail prior to 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands vi...
Fortinet Fortimail