VYPR
Unrated severityNVD Advisory· Published Oct 10, 2023· Updated Dec 16, 2025

CVE-2023-36556

CVE-2023-36556

Description

An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from the same web domain via crafted HTTP or HTTPs requests.

Affected products

2
  • Fortinet/Fortimailllm-fuzzy2 versions
    <=7.2.2, <=7.0.5, <6.4.7+ 1 more
    • (no CPE)range: <=7.2.2, <=7.0.5, <6.4.7
    • (no CPE)range: 7.2.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.