An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFortinet Fortimail
APPFortinet≤ 5.4.106.0.0 – 6.0.76.2.0 – 6.2.2Fortinet Fortivoice
APPFortinet6.0.0 – 6.0.1
Related vulnerabilities
Stack-based buffer overflow RCE w produktach Fortinet (FortiMail, FortiVoice i inne)
FortiMail: Pominięcie uwierzytelnienia admina przez RADIUS i remote_wildcard
An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently ...
Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4...
An improper neutralization of special elements used in an SQL Command ("SQL Injection&") vulnerability [CWE-89...