An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from the same web domain via crafted HTTP or HTTPs requests.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-23-202 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2023-10-10T16:49:50.906Z
Updated: 2024-08-02T16:52:53.483Z
Reserved: 2023-06-23T14:57:30.033Z
Link: CVE-2023-36556
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-10-10T17:15:12.140
Modified: 2023-11-07T04:16:37.820
Link: CVE-2023-36556
Redhat
No data.