Path Traversal Vulnerabilities in FortiMail Webmail
CVE-2021-24013

8.8HIGH

Key Information:

Vendor: Fortinet
Status: Fortinet Fortimail
Vendor: CVE Published:; 12 July 2021

Summary

Multiple path traversal vulnerabilities exist in the webmail component of FortiMail prior to version 6.4.4. These vulnerabilities could allow an authorized user to craft specific web requests that may enable unauthorized access to sensitive files and data within the system.

Affected Version(s)

Fortinet FortiMail FortiMail before 6.4.4

References

https://fortiguard.com/advisory/FG-IR-21-014

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 12, 2021
Vulnerability Reserved
Jan 13, 2021