{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2023-36556", "ASSIGNER": "psirt@fortinet.com", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from the same web domain via crafted HTTP or HTTPs requests." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Escalation of privilege", "cweId": "CWE-863" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Fortinet", "product": { "product_data": [ { "product_name": "FortiMail", "version": { "version_data": [ { "version_affected": "<=", "version_name": "7.2.0", "version_value": "7.2.2" }, { "version_affected": "<=", "version_name": "7.0.0", "version_value": "7.0.5" }, { "version_affected": "<=", "version_name": "6.4.0", "version_value": "6.4.7" }, { "version_affected": "<=", "version_name": "6.2.0", "version_value": "6.2.9" }, { "version_affected": "<=", "version_name": "6.0.0", "version_value": "6.0.12" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://fortiguard.com/psirt/FG-IR-23-202", "refsource": "MISC", "name": "https://fortiguard.com/psirt/FG-IR-23-202" } ] }, "solution": [ { "lang": "en", "value": "Please upgrade to FortiMail version 7.4.0 or above Please upgrade to FortiMail version 7.2.3 or above Please upgrade to FortiMail version 7.0.6 or above Please upgrade to FortiMail version 6.4.8 or above " } ], "impact": { "cvss": [ { "version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C" } ] } }