all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

FortiMail - User can see and modify address book folders title of other users

Add to bookmarks
Nov. 14, 2023, 8 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

An improper authorization vulnerability [CWE-285] in FortiMail webmail may allow an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests.

address attacker authorization book cwe folders http https may requests vulnerability webmail

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiMail - User can see and modify address book folders title of other users 2 weeks, 3 days ago | fortiguard.fortinet.com
address attacker authorization book +8
FortiClient (Windows) - DLL Hijacking via openssl.cnf 2 weeks, 3 days ago | fortiguard.fortinet.com
attack attacker cwe dll +14
FortiMail - Login mechanism without rate limitation 2 weeks, 3 days ago | fortiguard.fortinet.com
attack attacker authentication brute +10
FortiOS & FortiProxy - DOS in headers management 2 weeks, 3 days ago | fortiguard.fortinet.com
attack attacker cwe device +13
FortiADC & FortiDDoS-F - CORS: arbitrary origin trusted 2 weeks, 3 days ago | fortiguard.fortinet.com
actions api attacker cors +15
FortiClient (Windows) - Arbitrary file deletion from unprivileged users 2 weeks, 3 days ago | fortiguard.fortinet.com
attacker authorization cwe deletion +9
FortiClient for Windows - Hardcoded credentials in vcm2.exe 2 weeks, 3 days ago | fortiguard.fortinet.com
attacker bypass credentials cwe +8
FortiEDRCollector (Windows) - Protection may be disabled by local attacker 2 weeks, 3 days ago | fortiguard.fortinet.com
access access control attacker control +15
FortiManager & FortiAnalyzer - Use of hardcoded credentials in fmgsvrd 2 weeks, 3 days ago | fortiguard.fortinet.com
access attacker credentials cwe +10

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Security Specialist

@ Protect Democracy | Remote, US
View on infosec-jobs.com

Cybersecurity Systems Security Engineer II-T

@ ManTech | 809AR - Ft Carson,Colorado Springs,CO
View on infosec-jobs.com

Security Engineer (Supporting NASA at JSC)

@ KBR, Inc. | USA, Houston, 2101 NASA Parkway, Building 21, Texas
View on infosec-jobs.com

Head of Security & IT

@ ORFIUM | Dublin, County Dublin, Ireland
View on infosec-jobs.com

Chief Privacy Officer

@ Nike | Santa Clara,CA
View on infosec-jobs.com

Security Engineer

@ SPINS | Chicago, IL
View on infosec-jobs.com
View more jobs