Lucene search

FortinetCVELIST:CVE-2021-24013

HistoryJul 12, 2021 - 1:30 p.m.

CVE-2021-24013

2021-07-1213:30:55

fortinet

www.cve.org

fortimail

path traversal

web requests

unauthorized access

data files

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

39.7%

JSON

Multiple Path traversal vulnerabilities in the Webmail of FortiMail before 6.4.4 may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests.

CNA Affected

[
  {
    "product": "Fortinet FortiMail",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiMail before 6.4.4"
      }
    ]
  }
]

References

fortiguard.com/advisory/FG-IR-21-014

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

39.7%

JSON

Related for CVELIST:CVE-2021-24013