CVE-2023-36633
14.11.2023, 18:15
An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests.Enginsight
| Vendor | Product | Version |
|---|---|---|
| fortinet | fortimail | 6.0.0 ≤ 𝑥 < 7.0.6 |
| fortinet | fortimail | 7.2.0 ≤ 𝑥 < 7.2.3 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-285 - Improper AuthorizationThe software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
- CWE-732 - Incorrect Permission Assignment for Critical ResourceThe product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.