An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from the same web domain via crafted HTTP or HTTPs requests.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-23-202 |
History
Tue, 22 Oct 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2023-10-10T16:49:50.906Z
Updated: 2024-10-22T20:57:57.262Z
Reserved: 2023-06-23T14:57:30.033Z
Link: CVE-2023-36556
Vulnrichment
Updated: 2024-08-02T16:52:53.483Z
NVD
Status : Modified
Published: 2023-10-10T17:15:12.140
Modified: 2024-11-21T08:09:55.593
Link: CVE-2023-36556
Redhat
No data.