The combination of various cryptographic issues in the session management of FortiMail 6.4.0 up to and including 6.4.4 and 6.2.0 up to and including 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and alter or forge its content, thereby escalating privileges.
Vulnerable Product |
---|
fortinet fortimail |