Vulnerability Database

296,746

Total vulnerabilities in the database

CVE-2022-39945

An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a specific domain to access and modify other domains information via insecure direct object references (IDOR).

  • Published: Nov 2, 2022
  • Updated: Apr 14, 2023
  • CVE: CVE-2022-39945
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
fortinet / fortimail 6.0.0 6.0.12.x
fortinet / fortimail 6.2.0 6.2.9.x
fortinet / fortimail 7.0.0 7.0.3.x
fortinet / fortimail 6.4.0 6.4.7.x
fortinet / fortimail 7.2.0 7.2.0.x