A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible.
Advisories
Source ID Title
EUVD EUVD EUVD-2021-12921 A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 25 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2024-10-25T13:57:15.657Z

Reserved: 2021-01-25T00:00:00

Link: CVE-2021-26100

cve-icon Vulnrichment

Updated: 2024-08-03T20:19:19.725Z

cve-icon NVD

Status : Modified

Published: 2021-07-09T19:15:08.253

Modified: 2024-11-21T05:55:52.050

Link: CVE-2021-26100

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.