Unrated severityNVD Advisory· Published Nov 2, 2022· Updated Oct 22, 2024
CVE-2022-39945
CVE-2022-39945
Description
An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a specific domain to access and modify other domains information via insecure direct object references (IDOR).
Affected products
26.0 all versions, 6.2 all versions, 6.4 all versions, 7.0.0-7.0.3, 7.2.0+ 1 more
- (no CPE)range: 6.0 all versions, 6.2 all versions, 6.4 all versions, 7.0.0-7.0.3, 7.2.0
- (no CPE)range: FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.