CVE-2024-40588
- EPSS 0.02%
- Published 12.08.2025 18:59:11
- Last modified 14.08.2025 01:14:41
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiMail version 7.6.0 through 7.6.1 and before 7.4.3, FortiVoice version 7.0.0 through 7.0.5 and before 7.4.9, FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4, FortiCa...
CVE-2025-32756
- EPSS 10.06%
- Published 13.05.2025 14:46:44
- Last modified 25.08.2025 02:21:01
A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 thr...
CVE-2023-33302
- EPSS 0.11%
- Published 31.03.2025 15:15:41
- Last modified 23.07.2025 15:53:22
A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 all...
CVE-2021-24008
- EPSS 0.07%
- Published 28.03.2025 10:13:32
- Last modified 24.07.2025 19:57:26
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, versi...
CVE-2021-26091
- EPSS 0.06%
- Published 24.03.2025 15:37:58
- Last modified 23.07.2025 15:53:04
A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer part...
CVE-2023-47539
- EPSS 0.07%
- Published 18.03.2025 13:56:56
- Last modified 24.07.2025 19:11:16
An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request.
CVE-2024-46663
- EPSS 0.03%
- Published 11.03.2025 14:54:31
- Last modified 24.07.2025 18:10:35
A stack-buffer overflow vulnerability [CWE-121] in Fortinet FortiMail CLI version 7.6.0 through 7.6.1 and before 7.4.3 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI commands.
CVE-2022-23439
- EPSS 0.06%
- Published 22.01.2025 10:15:07
- Last modified 12.02.2025 13:39:42
An externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before v...
CVE-2024-56497
- EPSS 0.09%
- Published 14.01.2025 14:15:34
- Last modified 03.02.2025 20:49:01
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4 all...
CVE-2022-27488
- EPSS 0.44%
- Published 13.12.2023 07:15:10
- Last modified 21.11.2024 06:55:49
A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6...