VYPR
Unrated severityNVD Advisory· Published Nov 2, 2022· Updated Oct 22, 2024

CVE-2022-39945

CVE-2022-39945

Description

An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a specific domain to access and modify other domains information via insecure direct object references (IDOR).

Affected products

2
  • Fortinet/Fortimailllm-fuzzy2 versions
    6.0 all versions, 6.2 all versions, 6.4 all versions, 7.0.0-7.0.3, 7.2.0+ 1 more
    • (no CPE)range: 6.0 all versions, 6.2 all versions, 6.4 all versions, 7.0.0-7.0.3, 7.2.0
    • (no CPE)range: FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.