Fortinet FortiMail
15 CVEs affecting Fortinet FortiMail. Latest disclosed: 2022-11-02. Critical: 2, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-36166 | Critical | 9.8 | 2022-03-01 | An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication… |
| CVE-2021-24007 | Critical | 9.8 | 2021-07-09 | Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execut… |
| CVE-2021-24013 | High | 8.8 | 2021-07-12 | Multiple Path traversal vulnerabilities in the Webmail of FortiMail before 6.4.4 may allow a regular user to obtain unauthorized access to files and data via s… |
| CVE-2021-22129 | High | 8.8 | 2021-07-09 | Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated att… |
| CVE-2021-32586 | High | 7.7 | 2022-03-01 | An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the enviro… |
| CVE-2021-26095 | High | 7.5 | 2021-07-20 | The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption co… |
| CVE-2021-24020 | High | 7.5 | 2021-07-09 | A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthen… |
| CVE-2021-24015 | High | 7.2 | 2021-07-12 | An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authe… |
| CVE-2021-43062 | Medium | 6.1 | 2022-02-02 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below… |
| CVE-2021-26100 | Medium | 5.9 | 2021-07-09 | A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an unauthenticated attacker who intercepts the encryp… |
| CVE-2022-39945 | Medium | 5.4 | 2022-11-02 | An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an a… |
| CVE-2022-26114 | Medium | 5.4 | 2022-09-06 | An improper neutralization of input during web page generation vulnerability [CWE-79] in the Webmail of FortiMail before 7.2.0 may allow an unauthenticated att… |
| CVE-2020-15933 | Medium | 5.3 | 2022-01-05 | An exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below FortiMail versi… |
| CVE-2021-26090 | Medium | 5.3 | 2021-07-12 | A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an una… |
| CVE-2021-26099 | Medium | 4.4 | 2021-07-12 | Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in possession of the encrypted m… |