VDB
CVE-2023-44251
CVE-2023-44251
PUBLISHED
CVSS 5.300000190734863 MEDIUM
An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests.
EPSS 0.63% · 70.7th percentile
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:X/RC:C
EPSS Score
0.63%
70.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | FortiMail | 7.2.0, 6.4.0, 7.0.0 |
Exploit Intelligence
Timeline
- Nov 22, 2023 CVE Published
- Dec 13, 2023 EPSS Score
- Jan 11, 2024 EPSS Score
- Feb 10, 2024 EPSS Score
- Mar 10, 2024 EPSS Score
- Apr 8, 2024 EPSS Score
- May 7, 2024 EPSS Score
- Jun 6, 2024 EPSS Score
- Jul 5, 2024 EPSS Score
- Aug 3, 2024 EPSS Score
- Sep 1, 2024 EPSS Score
- Oct 1, 2024 EPSS Score
References
- https://www.fortiguard.com/psirt/FG-IR-22-299 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-306 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-274 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-385 advisory
- https://www.fortiguard.com/psirt/FG-IR-22-518 advisory
- https://www.fortiguard.com/psirt/FG-IR-22-292 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-108 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-290 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-287 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-064 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-135 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-177 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-061 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-151 advisory
- https://www.fortiguard.com/psirt/FG-IR-22-396 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-143 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-142 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-203 advisory
- https://www.fortiguard.com/psirt/FG-IR-23-265 advisory
- https://fortiguard.com/psirt/FG-IR-23-203 url