FortiMail - User can see and modify address book folders title of other users

Nov. 14, 2023, 8 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

An improper authorization vulnerability [CWE-285] in FortiMail webmail may allow an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests.

address attacker authorization book cwe folders http https may requests vulnerability webmail

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiOS - Web server ETag exposure 3 weeks, 1 day ago | fortiguard.fortinet.com

actor attacker cwe device +17

FortiSandbox - Arbitrary file read on endpoint 3 weeks, 1 day ago | fortiguard.fortinet.com

arbitrary files attacker cwe directory +12

FortiNAC-F - Lack of certificate validation 3 weeks, 1 day ago | fortiguard.fortinet.com

attack attacker certificate channel +12

FortiOS - Format String in CLI command 3 weeks, 1 day ago | fortiguard.fortinet.com

access admin arbitrary code attacker +16

FortiOS & FortiProxy - administrator cookie leakage 3 weeks, 1 day ago | fortiguard.fortinet.com

administrator attacker conditions cookie +10

FortiSandbox - Arbitrary file delete on endpoint 3 weeks, 1 day ago | fortiguard.fortinet.com

arbitrary files attacker cwe delete +13

FortiClientMac - Lack of configuration file validation 3 weeks, 1 day ago | fortiguard.fortinet.com

arbitrary code attacker code configuration +15

FortiManager - Code Injection via Jinja Template 3 weeks, 1 day ago | fortiguard.fortinet.com

arbitrary code attacker code code injection +11

FortiSandbox - Arbitrary file write on CLI leading to arbitrary code execution 3 weeks, 1 day ago | fortiguard.fortinet.com

access admin arbitrary code arbitrary code execution +16

EY- GDS- Cybersecurity- Staff

@ EY | Miguel Hidalgo, MX, 11520

View on infosec-jobs.com

Staff Security Operations Engineer

@ Workiva | Ames

View on infosec-jobs.com

Public Relations Senior Account Executive (B2B Tech/Cybersecurity/Enterprise)

@ Highwire Public Relations | Los Angeles, CA

View on infosec-jobs.com

Airbus Canada - Responsable Cyber sécurité produit / Product Cyber Security Responsible

@ Airbus | Mirabel

View on infosec-jobs.com

Investigations (OSINT) Manager

@ Logically | India

View on infosec-jobs.com

Security Engineer I, Offensive Security Penetration Testing

@ Amazon.com | US, NY, Virtual Location - New York

View on infosec-jobs.com

View more jobs

all InfoSec news

FortiMail - User can see and modify address book folders title of other users

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

Jobs in InfoSec / Cybersecurity

EY- GDS- Cybersecurity- Staff

Staff Security Operations Engineer

Public Relations Senior Account Executive (B2B Tech/Cybersecurity/Enterprise)

Airbus Canada - Responsable Cyber sécurité produit / Product Cyber Security Responsible

Investigations (OSINT) Manager

Security Engineer I, Offensive Security Penetration Testing