VYPR
Unrated severityNVD Advisory· Published Nov 14, 2023· Updated Aug 30, 2024

CVE-2023-36633

CVE-2023-36633

Description

An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests.

Affected products

2
  • Fortinet/Fortimailllm-fuzzy2 versions
    >=7.2.0 <=7.2.2, <7.0.5+ 1 more
    • (no CPE)range: >=7.2.0 <=7.2.2, <7.0.5
    • (no CPE)range: 7.2.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.