cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-26122,https://securityvulnerability.io/vulnerability/CVE-2022-26122,"Insufficient Data Verification in Fortinet’s FortiClient, FortiMail, and FortiOS Products","Fortinet has identified an insufficient verification of data authenticity vulnerability in the AV engine shared by FortiClient, FortiMail and FortiOS. An attacker can bypass the AV engine by manipulating a MIME attachment, inserting junk and pad characters into its base64 encoding. AV engine versions 6.2.168 and below and 6.4.274 and below are affected; administrators should check which engine version their products run and update it.",Fortinet,"Fortinet Av Engine, Fortimail, FortiOS, Forticlient",4.7,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0
CVE-2022-39945,https://securityvulnerability.io/vulnerability/CVE-2022-39945,Improper Access Control in FortiMail by Fortinet,"An improper access control vulnerability in FortiMail allows an authenticated administrator assigned to one domain to read and modify information belonging to other domains through insecure direct object references (IDOR). Exploitation requires valid admin credentials. Organizations running affected FortiMail versions should apply the available patches and restrict domain-administrator privileges to the minimum required.",Fortinet,Fortinet Fortimail,5.4,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0
CVE-2022-26114,https://securityvulnerability.io/vulnerability/CVE-2022-26114,Cross-Site Scripting Vulnerability in FortiMail by Fortinet,"An improper neutralization of input during web page generation (cross-site scripting) vulnerability in the FortiMail webmail feature allows an unauthenticated attacker to carry out a cross-site scripting attack against webmail users by sending a specially crafted email message; the injected script runs in the context of the victim's webmail session.",Fortinet,Fortinet Fortimail,5.4,MEDIUM,0.0007699999841861427,false,,false,false,false,,,false,false,,2022-09-06T15:15:12.000Z,0
CVE-2022-22299,https://securityvulnerability.io/vulnerability/CVE-2022-22299,Format String Vulnerability in Fortinet Products,"A format string vulnerability in the command line interpreter of FortiADC, FortiOS, FortiProxy and FortiMail allows an authenticated user to execute unauthorized code or commands by passing specially crafted command arguments. All affected products should be updated to fixed versions.",Fortinet,"Fortinet Fortiadc, Fortiproxy, Fortimail, FortiOS",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-08-05T15:23:52.000Z,0
CVE-2021-32586,https://securityvulnerability.io/vulnerability/CVE-2021-32586,Input Validation Flaw in FortiMail Web Server CGI Facilities,"An improper input validation vulnerability in the web server CGI facilities of FortiMail allows an unauthenticated attacker to alter the environment of the underlying script interpreter by sending specially crafted HTTP requests. Fortinet has released updates that address the issue.",Fortinet,Fortinet Fortimail,7.7,HIGH,0.001769999973475933,false,,false,false,false,,,false,false,,2022-03-01T18:20:10.000Z,0
CVE-2021-36166,https://securityvulnerability.io/vulnerability/CVE-2021-36166,Improper Authentication Vulnerability in FortiMail by Fortinet,"An improper authentication vulnerability in FortiMail before 7.0.1 allows a remote attacker to recover the authentication token of an administrative account by observing certain properties of the system, giving unauthorized administrative access. Organizations running affected versions should update promptly.",Fortinet,Fortinet Fortimail,9.8,CRITICAL,0.0042500002309679985,false,,false,false,false,,,false,false,,2022-03-01T18:10:10.000Z,0
CVE-2021-43062,https://securityvulnerability.io/vulnerability/CVE-2021-43062,Cross-Site Scripting Vulnerability in Fortinet FortiMail,"Fortinet FortiMail contains a cross-site scripting vulnerability caused by improper neutralization of user input during web page generation. An attacker can trigger it through crafted HTTP GET requests to the FortiGuard URI protection service, causing attacker-supplied script to execute in the context of a user's browser session.",Fortinet,Fortinet Fortimail,6.1,MEDIUM,0.00215999991632998,false,,false,false,false,,,false,false,,2022-02-02T11:08:07.000Z,0
CVE-2020-15933,https://securityvulnerability.io/vulnerability/CVE-2020-15933,Sensitive Information Exposure in Fortinet FortiMail Products,"Fortinet FortiMail versions 6.0.9 and below, 6.2.4, and 6.4.1/6.4.0 expose sensitive software-version information to unauthorized users who inspect client-side resources. Version disclosure helps an attacker target known issues in the deployed release.",Fortinet,Fortinet Fortimail,5.3,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2022-01-05T11:29:04.000Z,0
CVE-2021-26095,https://securityvulnerability.io/vulnerability/CVE-2021-26095,Cryptographic Vulnerabilities in FortiMail by Fortinet,"FortiMail versions 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 contain multiple weaknesses in the cryptographic implementation of session management. A remote attacker in possession of a valid session cookie may be able to alter, reveal or forge its content, potentially leading to privilege escalation.",Fortinet,Fortinet Fortimail,7.5,HIGH,0.0031399999279528856,false,,false,false,false,,,false,false,,2021-07-20T10:48:06.000Z,0
CVE-2021-24013,https://securityvulnerability.io/vulnerability/CVE-2021-24013,Path Traversal Vulnerabilities in FortiMail Webmail,"Multiple path traversal vulnerabilities in the webmail component of FortiMail before 6.4.4 allow an authenticated user to access files and data outside their authorization by sending specially crafted web requests.",Fortinet,Fortinet Fortimail,8.8,HIGH,0.0009299999801442027,false,,false,false,false,,,false,false,,2021-07-12T13:30:55.000Z,0
CVE-2021-24015,https://securityvulnerability.io/vulnerability/CVE-2021-24015,OS Command Injection Vulnerability in FortiMail by Fortinet,"An OS command injection vulnerability in the administrative interface of FortiMail before 6.4.4 allows an authenticated attacker to execute unauthorized commands on the underlying system by sending specially crafted HTTP requests.",Fortinet,Fortinet Fortimail,7.2,HIGH,0.0016799999866634607,false,,false,false,false,,,false,false,,2021-07-12T13:25:53.000Z,0
CVE-2021-26090,https://securityvulnerability.io/vulnerability/CVE-2021-26090,Memory Exhaustion Vulnerability in FortiMail by Fortinet,"A memory exhaustion vulnerability in the webmail service of affected FortiMail versions allows an unauthenticated attacker to exhaust system memory by sending specially crafted login requests, resulting in denial of service. Users of affected versions should apply the available patches.",Fortinet,Fortinet Fortimail,5.3,MEDIUM,0.0017900000093504786,false,,false,false,false,,,false,false,,2021-07-12T12:53:27.000Z,0
CVE-2021-26099,https://securityvulnerability.io/vulnerability/CVE-2021-26099,Cryptographic Flaw in FortiMail's Identity-Based Encryption Service,"A cryptographic weakness in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who obtains the encrypted master keys to compromise their confidentiality by observing certain invariant properties of the ciphertext the service produces.",Fortinet,Fortinet Fortimail,4.4,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2021-07-12T09:56:37.000Z,0
CVE-2021-24007,https://securityvulnerability.io/vulnerability/CVE-2021-24007,SQL Injection Vulnerability in FortiMail by Fortinet,"Multiple SQL injection vulnerabilities (improper neutralization of special elements used in an SQL command) in FortiMail before 6.4.4 allow an unauthenticated attacker to execute unauthorized code or commands by sending specially crafted HTTP requests, manipulating the application's SQL queries and exposing stored data.",Fortinet,Fortinet Fortimail,9.8,CRITICAL,0.0035600000992417336,false,,false,false,false,,,false,false,,2021-07-09T18:37:57.000Z,0
CVE-2021-22129,https://securityvulnerability.io/vulnerability/CVE-2021-22129,Buffer Overflow Vulnerability in FortiMail Webmail and Administrative Interface,"Multiple incorrect buffer size calculations in the Webmail and Administrative interfaces of FortiMail before 6.4.5 allow an authenticated user with webmail access to execute unauthorized code or commands by sending specially crafted HTTP requests.",Fortinet,Fortinet Fortimail,8.8,HIGH,0.0009599999757483602,false,,false,false,false,,,false,false,,2021-07-09T18:26:30.000Z,0
CVE-2021-26100,https://securityvulnerability.io/vulnerability/CVE-2021-26100,Cryptographic Vulnerability in FortiMail by Fortinet,"A cryptographic flaw in the Identity-Based Encryption service of FortiMail allows an unauthenticated attacker who intercepts encrypted messages to manipulate them, altering their contents and potentially recovering the plaintext, which defeats the confidentiality and integrity the service is meant to provide.",Fortinet,Fortinet Fortimail,5.9,MEDIUM,0.001069999998435378,false,,false,false,false,,,false,false,,2021-07-09T18:23:01.000Z,0
CVE-2021-24020,https://securityvulnerability.io/vulnerability/CVE-2021-24020,Cryptographic Implementation Flaw in FortiMail by Fortinet,"FortiMail versions 6.4.0 through 6.4.4 and 6.2.0 through 6.2.7 omit a cryptographic step in the hash digest algorithm used to sign URLs. An unauthenticated attacker can append additional data to a signed URL and still pass signature verification, defeating the protection the signature was meant to provide.",Fortinet,Fortinet Fortimail,7.5,HIGH,0.0030799999367445707,false,,false,false,false,,,false,false,,2021-07-09T18:17:26.000Z,0
CVE-2019-15707,https://securityvulnerability.io/vulnerability/CVE-2019-15707,Improper Access Control in FortiMail Web Interface,"An improper access control vulnerability in the FortiMail admin web interface, affecting version 6.2.0, earlier 6.0.x releases and versions up to 5.4.10, may allow an administrator without the appropriate permissions to download system configuration backups. Configuration backups expose sensitive settings, so organizations on these versions should assess their exposure and apply mitigations.",Fortinet,Fortinet Fortimail,4.9,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2020-01-23T17:47:00.000Z,0
CVE-2019-15712,https://securityvulnerability.io/vulnerability/CVE-2019-15712,Improper Access Control in FortiMail Admin WebUI,"An improper access control vulnerability in the FortiMail admin web UI, affecting multiple versions, may allow an administrator without the appropriate permissions to gain access to the web console, weakening the security posture of environments that rely on FortiMail for email protection.",Fortinet,Fortinet Fortimail,7.2,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2020-01-23T17:40:40.000Z,0
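Added example (editor's code, not Fortinet's, and not a reproduction of CVE-2022-26122, whose engine internals the entry above does not describe): the general failure mode behind "junk and pad characters in base64" is that a scanner's decoder and the recipient's decoder disagree on non-canonical input, so the scanner never sees the bytes the client will render. The script models a strict scanner, a lenient client and a hardened scanner using Python's own base64 module. The EICAR test string stands in for a malicious attachment, and the "=#" junk placement is the editor's constructed choice, not a documented bypass.

```python
import base64
import binascii

# Constructed sample: the EICAR anti-virus test string stands in for a
# malicious attachment. Every AV engine is expected to flag it; it is harmless.
SAMPLE_ATTACHMENT = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
SIGNATURE = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"
BENIGN_ATTACHMENT = b"Quarterly report, see attached."  # constructed


def obfuscate_base64(encoded: bytes, junk: bytes = b"=#") -> bytes:
    """Insert a stray pad character and a non-alphabet byte after every complete
    4-character base64 group (editor's choice of junk). A lenient decoder that
    discards non-alphabet bytes and ignores '=' outside the final padding still
    recovers the original bytes; a strict decoder rejects the whole blob. Junk is
    placed only at group boundaries because a '=' inside a group counts as real
    padding and would truncate even the lenient decode."""
    groups = [encoded[i:i + 4] for i in range(0, len(encoded), 4)]
    return b"".join(g + junk for g in groups)


def strict_decode(encoded: bytes):
    """Model of a scanner that accepts only canonical base64 and otherwise
    gives up on the part ('not base64')."""
    try:
        return base64.b64decode(encoded, validate=True)
    except binascii.Error:
        return None


def lenient_decode(encoded: bytes) -> bytes:
    """Model of a mail client: non-alphabet bytes are discarded, stray '=' tolerated."""
    return base64.b64decode(encoded, validate=False)


def verdict(encoded: bytes, decoder) -> str:
    """Scan a base64-encoded part with the given decoder."""
    data = decoder(encoded)
    if data is None:
        return "undecodable"  # a fail-open scanner lets the mail through here
    return "malicious" if SIGNATURE in data else "clean"


def hardened_verdict(encoded: bytes) -> str:
    """Hardened scanner: decode as leniently as the client would, scan that, and
    additionally flag base64 that does not round-trip to its wire form."""
    data = lenient_decode(encoded)
    if SIGNATURE in data:
        return "malicious"
    wire = b"".join(encoded.split())  # MIME line wrapping is the only tolerated noise
    return "clean" if base64.b64encode(data) == wire else "non-canonical"


def demo():
    """Run the three scanners over clean and tampered encodings."""
    tampered = obfuscate_base64(base64.b64encode(SAMPLE_ATTACHMENT))
    benign = base64.b64encode(BENIGN_ATTACHMENT)
    return {
        "client_recovers_payload": lenient_decode(tampered) == SAMPLE_ATTACHMENT,
        "strict_scanner": verdict(tampered, strict_decode),
        "lenient_scanner": verdict(tampered, lenient_decode),
        "hardened_scanner": hardened_verdict(tampered),
        "hardened_on_benign": hardened_verdict(benign),
        "hardened_on_obfuscated_benign": hardened_verdict(obfuscate_base64(benign)),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The practical check for any content scanner sitting in front of a mail client is the one hardened_verdict makes: decode the way the consumer decodes, and treat input that does not re-encode to what arrived as a finding in its own right rather than as "not base64".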
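Added example (editor's code, not Fortinet's): the signed-URL weakness described for CVE-2021-24020, a digest that stays valid when data is appended, is the textbook shape of a hash length-extension attack. The entry does not say which hash or which signing construction FortiMail used, so the example assumes the classic SHA-256(secret || query) scheme and a last-wins query parser, both marked as assumptions in the code. It implements a resumable SHA-256 (hashlib cannot resume from a digest), forges a signature for an extended query without the secret, and shows that HMAC over the same data does not extend.

```python
import hashlib
import hmac
import struct
from urllib.parse import parse_qsl

# Minimal SHA-256 that can be resumed from a known digest; the resume step is
# the one a length-extension attack needs and hashlib does not expose.
_K = [
    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
]
_H0 = (0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
       0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19)
_M = 0xFFFFFFFF

def _rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & _M

def sha256_padding(total_len):
    """Bytes SHA-256 appends to a total_len-byte message: 0x80, zeros, 64-bit bit length."""
    return b"\x80" + b"\x00" * ((55 - total_len) % 64) + struct.pack(">Q", total_len * 8)

def sha256_resume(data, state=_H0, already_hashed=0):
    """SHA-256(<already_hashed unknown bytes> || data) given only the compression
    state after those bytes (already_hashed must be a multiple of 64).
    With the defaults this is plain SHA-256(data)."""
    h = list(state)
    buf = data + sha256_padding(already_hashed + len(data))
    for off in range(0, len(buf), 64):
        w = list(struct.unpack(">16L", buf[off:off + 64]))
        for t in range(16, 64):
            s0 = _rotr(w[t - 15], 7) ^ _rotr(w[t - 15], 18) ^ (w[t - 15] >> 3)
            s1 = _rotr(w[t - 2], 17) ^ _rotr(w[t - 2], 19) ^ (w[t - 2] >> 10)
            w.append((w[t - 16] + s0 + w[t - 7] + s1) & _M)
        a, b, c, d, e, f, g, hh = h
        for t in range(64):
            t1 = (hh + (_rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25))
                  + ((e & f) ^ (~e & g)) + _K[t] + w[t]) & _M
            t2 = ((_rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22))
                  + ((a & b) ^ (a & c) ^ (b & c))) & _M
            hh, g, f, e, d, c, b, a = g, f, e, (d + t1) & _M, c, b, a, (t1 + t2) & _M
        h = [(x + y) & _M for x, y in zip(h, (a, b, c, d, e, f, g, hh))]
    return struct.pack(">8L", *h)

def matches_hashlib(data):
    return sha256_resume(data) == hashlib.sha256(data).digest()

SECRET = b"server-side-secret"  # constructed; the attacker only guesses its length

def naive_sign(secret, query):  # assumed weak scheme: H(secret || data)
    return hashlib.sha256(secret + query).hexdigest()

def naive_verify(secret, query, sig):
    return hmac.compare_digest(naive_sign(secret, query), sig)

def hmac_sign(secret, query):  # the fix: HMAC is not length-extendable
    return hmac.new(secret, query, hashlib.sha256).hexdigest()

def hmac_verify(secret, query, sig):
    return hmac.compare_digest(hmac_sign(secret, query), sig)

def forge(query, sig, secret_len, extension):
    """From sig = SHA-256(secret || query) produce a valid signature for
    query || glue || extension without the secret. glue is the padding the hash
    itself inserted after the original message, so the server re-hashes it."""
    glue = sha256_padding(secret_len + len(query))
    state = struct.unpack(">8L", bytes.fromhex(sig))
    forged_sig = sha256_resume(extension, state, secret_len + len(query) + len(glue))
    return query + glue + extension, forged_sig.hex()

def effective_params(query):
    """What a last-wins query parser (assumed here) hands the application."""
    return dict(parse_qsl(query.decode("latin-1"), keep_blank_values=True))

def demo():
    query = b"file=report.pdf&expires=1700000000"
    ext = b"&expires=9999999999"
    fq, fs = forge(query, naive_sign(SECRET, query), len(SECRET), ext)
    hq, hs = forge(query, hmac_sign(SECRET, query), len(SECRET), ext)
    return {
        "naive_accepts_forgery": naive_verify(SECRET, fq, fs),
        "expires_seen_by_app": effective_params(fq)["expires"],
        "hmac_accepts_forgery": hmac_verify(SECRET, hq, hs),
    }

if __name__ == "__main__":
    print(demo())
```

In a real URL the glue bytes (0x80, NULs and the length field) travel percent-encoded; the example skips that layer. The attacker does not know the secret's length, but trying every plausible length costs one request each, so the defence is the construction, not the secret: sign with HMAC (or any MAC) and never with a bare digest over secret-prefixed data.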