Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet fortimail vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-26114
An improper neutralization of input during web page generation vulnerability [CWE-79] in the Webmail of FortiMail prior to 7.2.0 may allow an unauthenticated malicious user to trigger a cross-site scripting (XSS) attack via sending specially crafted mail messages.
Fortinet Fortimail
356
VMScore
CVE-2021-26099
Missing cryptographic steps in the Identity-Based Encryption service of FortiMail prior to 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext.
Fortinet Fortimail
445
VMScore
CVE-2021-26100
A missing cryptographic step in the Identity-Based Encryption service of FortiMail prior to 7.0.0 may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible.
Fortinet Fortimail
668
VMScore
CVE-2021-24007
Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail prior to 6.4.4 may allow a non-authenticated malicious user to execute unauthorized code or commands via specifically crafted HTTP requests.
Fortinet Fortimail
356
VMScore
CVE-2021-24013
Multiple Path traversal vulnerabilities in the Webmail of FortiMail prior to 6.4.4 may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests.
Fortinet Fortimail
578
VMScore
CVE-2021-24015
An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail prior to 6.4.4 may allow an authenticated malicious user to execute unauthorized commands via specifically crafted HTTP requests.
Fortinet Fortimail
NA
CVE-2023-36633
An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 up to and including 7.2.2 and prior to 7.0.5 allows an authenticated malicious user to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests.
Fortinet Fortimail
383
VMScore
CVE-2021-43062
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows malicious user to execute unauthorized code or command...
Fortinet Fortimail
668
VMScore
CVE-2021-24020
A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 up to and including 6.4.4, and 6.2.0 up to and including 6.2.7 may allow an unauthenticated malicious user to tamper with signed URLs by appending further data which allows bypass o...
Fortinet Fortimail
NA
CVE-2022-27488
A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 up to and including 7.0.4, 6.4.0 up to and including 6.4.10, 6.2.0 up to and including 6.2.7, 6.0.x, FortiMail version 7.0.0 up to and including 7.0.3, 6.4.0 up to...
Fortinet Fortiswitch
Fortinet Fortimail
Fortinet Fortirecorder
Fortinet Fortiai 1.5.3
Fortinet Fortiai 1.1.0
Fortinet Fortindr 7.1.0
Fortinet Fortindr
Fortinet Fortivoice
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »