An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a specific domain to access and modify other domains information via insecure direct object references (IDOR).
Advisories
Source ID Title
EUVD EUVD EUVD-2022-42389 An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a specific domain to access and modify other domains information via insecure direct object references (IDOR).
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

References
History

Tue, 22 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2024-10-22T20:52:37.091Z

Reserved: 2022-09-05T00:00:00

Link: CVE-2022-39945

cve-icon Vulnrichment

Updated: 2024-08-03T12:07:42.982Z

cve-icon NVD

Status : Modified

Published: 2022-11-02T12:15:54.973

Modified: 2024-11-21T07:18:32.020

Link: CVE-2022-39945

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.