Vulnerability Database

311,379

Total vulnerabilities in the database

CVE-2021-24015

An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests.

  • Published: Jul 12, 2021
  • Updated: Nov 16, 2025
  • CVE: CVE-2021-24015
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.2
  • AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
fortinet / fortimail 6.2.0 6.2.7
fortinet / fortimail 6.4.0 6.4.4
fortinet / fortimail 6.0.0 6.0.11
fortinet / fortimail 5.4.0 5.4.12.x