CVE-2023-36633

An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests.

Published: Nov 14, 2023
Updated: Nov 21, 2023
CVE: CVE-2023-36633
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWEs:

CWE-732

Affected Software
References

Software	From	Fixed in
fortinet / fortimail	7.2.0	7.2.3
fortinet / fortimail	6.0.0	7.0.6

https://fortiguard.com/psirt/FG-IR-23-203

Vulnerability Database

289,697

CVE-2023-36633