An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-23-203 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2023-11-14T18:07:46.082Z
Updated: 2024-08-30T18:10:16.620Z
Reserved: 2023-06-25T18:03:39.225Z
Link: CVE-2023-36633
Vulnrichment
Updated: 2024-08-02T16:52:53.973Z
NVD
Status : Analyzed
Published: 2023-11-14T18:15:49.107
Modified: 2023-11-20T18:42:29.633
Link: CVE-2023-36633
Redhat
No data.