CVE-2020-15933

A exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below FortiMail versions 6.4.1 and 6.4.0 allows attacker to obtain potentially sensitive software-version information via client-side resources inspection.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
fortinetfortimail
𝑥
≤ 6.0.9
fortinetfortimail
6.2.0
fortinetfortimail
6.2.1
fortinetfortimail
6.2.2
fortinetfortimail
6.2.3
fortinetfortimail
6.2.4
fortinetfortimail
6.4.0
fortinetfortimail
6.4.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://fortiguard.com/psirt/FG-IR-20-105
https://fortiguard.com/psirt/FG-IR-20-105