CVSS Score of 10 (low)


Published Nov 14, 2023
Updated: Nov 20, 2023
CWE ID 285
CWE ID 732


CVE-2023-36633 is an improper authorization vulnerability in FortiMail webmail versions 7.2.0 through 7.2.2 and before 7.0.5. It allows an authenticated attacker to view and modify the title of address book folders belonging to other users through crafted HTTP or HTTPS requests. This vulnerability affects a range of Fortinet products. The risk score for this vulnerability is 25 out of 100. To remediate it, affected organizations should update their FortiMail webmail version to 7.0.5 or later. This vulnerability poses a medium-level danger to organizations, as it can be exploited by attackers with low privileges, potentially leading to unauthorized access to and modification of sensitive user data within the address book folders.
