Auth bypass in Fortinet Fortimail
CVE-2023-36556
An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from the same web domain via…
Vulnerability class: Broken Access Control
EPSS: 0.004 (62.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C.
Affected products
- Fortinet Fortimail — versions 7.2.0, 7.0.0, 6.4.0
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2023-36556?
- CVE-2023-36556 is a high-severity vulnerability in Fortinet Fortimail, classified under Incorrect Authorization. CVSS score: 8.6/10. Published 2023-10-10.
- How severe is CVE-2023-36556?
- High severity. CVSS v3 base score is 8.6 out of 10.