VYPR

Fortimail

by Fortinet

CVEs (45)

  • CVE-2021-26100Jul 9, 2021
    risk 0.00cvss epss 0.00

    A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible.

  • CVE-2021-24020Jul 9, 2021
    risk 0.00cvss epss 0.01

    A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification.

  • CVE-2019-15707Jan 23, 2020
    risk 0.00cvss epss 0.01

    An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform system backup config download they should not be authorized for.

  • CVE-2015-3293Apr 14, 2015
    risk 0.00cvss epss 0.01

    FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain credentials via the "diag debug application httpd" command.

  • CVE-2014-8617Mar 4, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release…

Page 3 of 3