An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 up to and including 7.2.2, version 7.0.0 up to and including 7.0.5, and versions below 6.4.7 allows an authenticated malicious user to log in to other users' accounts from the same web domain via crafted HTTP or HTTPS requests.

| Vulnerable Product |
|---|
| fortinet fortimail |
| fortinet fortimail 7.2.0 |
| fortinet fortimail 7.2.1 |
| fortinet fortimail 7.2.2 |