CVSS Score of 10 (low)


Published Oct 10, 2023
Updated: Nov 7, 2023
CWE ID 863


CVE-2023-36556 is an incorrect authorization vulnerability (CWE-863) that affects FortiMail webmail versions 7.2.0 through 7.2.2, versions 7.0.0 through 7.0.5, and versions below 6.4.7. It allows an authenticated attacker to login to other users' accounts within the same web domain by using crafted HTTP or HTTPs requests. The vulnerability has a high severity rating and poses a potential danger to organizations as it can lead to unauthorized access to sensitive information and compromise the confidentiality and integrity of the system. To remediate this vulnerability, organizations should update their FortiMail webmail installations to a version that is not affected by the vulnerability.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-36556 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options