Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortimail vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-45582
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7.2.0 up to and including 7.2.4, 7.0.0 up to and including 7.0.6 and prior to 6.4.8 may allow an unauthenticated malicious user to perform a brute force attack on the...
Fortinet Fortimail
Fortinet Fortimail 7.4.0
668
VMScore
CVE-2021-32586
An improper input validation vulnerability in the web server CGI facilities of FortiMail prior to 7.0.1 may allow an unauthenticated malicious user to alter the environment of the underlying script interpreter via specifically crafted HTTP requests.
Fortinet Fortimail
Fortinet Fortimail 7.0.0
668
VMScore
CVE-2021-36166
An improper authentication vulnerability in FortiMail prior to 7.0.1 may allow a remote malicious user to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties.
Fortinet Fortimail
Fortinet Fortimail 7.0.0
578
VMScore
CVE-2019-15712
An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access web console they should not be authorized for.
Fortinet Fortimail
Fortinet Fortimail 6.2.0
356
VMScore
CVE-2019-15707
An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform system backup config download they should not be authorized for.
Fortinet Fortimail
Fortinet Fortimail 6.2.0
NA
CVE-2022-26114
An improper neutralization of input during web page generation vulnerability [CWE-79] in the Webmail of FortiMail prior to 7.2.0 may allow an unauthenticated malicious user to trigger a cross-site scripting (XSS) attack via sending specially crafted mail messages.
Fortinet Fortimail
578
VMScore
CVE-2021-26095
The combination of various cryptographic issues in the session management of FortiMail 6.4.0 up to and including 6.4.4 and 6.2.0 up to and including 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie t...
Fortinet Fortimail
356
VMScore
CVE-2021-26099
Missing cryptographic steps in the Identity-Based Encryption service of FortiMail prior to 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext.
Fortinet Fortimail
445
VMScore
CVE-2021-26100
A missing cryptographic step in the Identity-Based Encryption service of FortiMail prior to 7.0.0 may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible.
Fortinet Fortimail
445
VMScore
CVE-2021-26090
A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 up to and including 6.4.4 and 6.2.0 up to and including 6.2.6 may allow an unauthenticated remote malicious user to exhaust available memory via specifically crafted login req...
Fortinet Fortimail
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »