VDB

CVE-2023-44252

CVE-2023-44252 PUBLISHED CVSS 5.300000190734863 MEDIUM

An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests.

EPSS 0.24% · 47.2th percentile

Risk Scores

CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:X/RC:C
EPSS Score
0.24%
47.2th percentile

Affected Products

VendorProductVersions
FortinetFortiMail7.2.0, 7.0.0, 6.4.0

Exploit Intelligence

Timeline

  • Nov 22, 2023 CVE Published
  • Dec 13, 2023 EPSS Score
  • Jan 11, 2024 EPSS Score
  • Feb 10, 2024 EPSS Score
  • Mar 10, 2024 EPSS Score
  • Apr 8, 2024 EPSS Score
  • May 7, 2024 EPSS Score
  • Jun 6, 2024 EPSS Score
  • Jul 5, 2024 EPSS Score
  • Aug 3, 2024 EPSS Score
  • Sep 1, 2024 EPSS Score
  • Oct 1, 2024 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›