CVE-2023-44252 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-44252 PUBLISHED CVSS 5.300000190734863 MEDIUM

An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests.

EPSS 0.24% · 46.8th percentile

Risk Scores

CVSS v3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:X/RC:C

EPSS Score

0.24%

46.8th percentile

Affected Products

Vendor	Product	Versions
Fortinet	FortiMail	7.2.0, 7.0.0, 6.4.0

Timeline

Nov 22, 2023 CVE Published
Dec 13, 2023 EPSS Score
Jan 11, 2024 EPSS Score
Feb 8, 2024 EPSS Score
Mar 8, 2024 EPSS Score
Apr 6, 2024 EPSS Score
May 4, 2024 EPSS Score
Jun 2, 2024 EPSS Score
Jul 1, 2024 EPSS Score
Jul 30, 2024 EPSS Score
Aug 27, 2024 EPSS Score
Sep 25, 2024 EPSS Score

References

https://www.fortiguard.com/psirt/FG-IR-22-299 advisory
https://www.fortiguard.com/psirt/FG-IR-23-306 advisory
https://www.fortiguard.com/psirt/FG-IR-23-274 advisory
https://www.fortiguard.com/psirt/FG-IR-23-385 advisory
https://www.fortiguard.com/psirt/FG-IR-22-518 advisory
https://www.fortiguard.com/psirt/FG-IR-22-292 advisory
https://www.fortiguard.com/psirt/FG-IR-23-108 advisory
https://www.fortiguard.com/psirt/FG-IR-23-290 advisory
https://www.fortiguard.com/psirt/FG-IR-23-287 advisory
https://www.fortiguard.com/psirt/FG-IR-23-064 advisory
https://www.fortiguard.com/psirt/FG-IR-23-135 advisory
https://www.fortiguard.com/psirt/FG-IR-23-177 advisory
https://www.fortiguard.com/psirt/FG-IR-23-061 advisory
https://www.fortiguard.com/psirt/FG-IR-23-151 advisory
https://www.fortiguard.com/psirt/FG-IR-22-396 advisory
https://www.fortiguard.com/psirt/FG-IR-23-143 advisory
https://www.fortiguard.com/psirt/FG-IR-23-142 advisory
https://www.fortiguard.com/psirt/FG-IR-23-203 advisory
https://www.fortiguard.com/psirt/FG-IR-23-265 advisory
https://fortiguard.com/psirt/FG-IR-23-203 url

Open in Interactive Console →