CVE-2023-34991 — Vulnetix

CVE-2023-34991 PUBLISHED CVSS 5.300000190734863 MEDIUM

An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests.

EPSS 9.80% · 93.1th percentile

Risk Scores

CVSS v3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:X/RC:C

EPSS Score

9.80%

93.1th percentile

Affected Products

Vendor	Product	Versions
Fortinet	FortiMail	7.2.0, 7.0.0, 6.4.0

Timeline

Nov 14, 2023 CVE Published
Nov 15, 2023 EPSS Score
Dec 15, 2023 EPSS Score
Feb 14, 2024 EPSS Score
Mar 15, 2024 EPSS Score
May 14, 2024 EPSS Score
Jun 13, 2024 EPSS Score
Jul 13, 2024 EPSS Score
Sep 12, 2024 EPSS Score
Oct 12, 2024 EPSS Score
Nov 11, 2024 EPSS Score
Dec 19, 2024 PoC Published

References

https://www.fortiguard.com/psirt/FG-IR-22-299 advisory
https://www.fortiguard.com/psirt/FG-IR-23-306 advisory
https://www.fortiguard.com/psirt/FG-IR-23-274 advisory
https://www.fortiguard.com/psirt/FG-IR-23-385 advisory
https://www.fortiguard.com/psirt/FG-IR-22-518 advisory
https://www.fortiguard.com/psirt/FG-IR-22-292 advisory
https://www.fortiguard.com/psirt/FG-IR-23-108 advisory
https://www.fortiguard.com/psirt/FG-IR-23-290 advisory
https://www.fortiguard.com/psirt/FG-IR-23-287 advisory
https://www.fortiguard.com/psirt/FG-IR-23-064 advisory
https://www.fortiguard.com/psirt/FG-IR-23-135 advisory
https://www.fortiguard.com/psirt/FG-IR-23-177 advisory
https://www.fortiguard.com/psirt/FG-IR-23-061 advisory
https://www.fortiguard.com/psirt/FG-IR-23-151 advisory
https://www.fortiguard.com/psirt/FG-IR-22-396 advisory
https://www.fortiguard.com/psirt/FG-IR-23-143 advisory
https://www.fortiguard.com/psirt/FG-IR-23-142 advisory
https://www.fortiguard.com/psirt/FG-IR-23-203 advisory
https://www.fortiguard.com/psirt/FG-IR-23-265 advisory
https://fortiguard.com/psirt/FG-IR-23-203 url

Open in Interactive Console →