CVE-2023-36633
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2023-36633 is an improper authorization vulnerability (CWE-285) affecting FortiMail webmail versions 7.2.0 through 7.2.2 and older versions up to 7.0.5. It allows an authenticated attacker to change the titles of other users' address book folders through crafted HTTP or HTTPS requests. With this vulnerability, attackers can potentially gain unauthorized access to sensitive information or mislead users with false folder titles, posing a significant risk to the security and privacy of the affected email system. Organizations that use FortiMail webmail are strongly advised to apply the available patches or updates to mitigate this vulnerability.
Affected Products
- Fortinet FortiMail
Affected Vendors
- Fortinet