
fortinet fortimail

46 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-53681
>= 7.2.0 and < 7.2.9
An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] vulnerability in F
7.2 HIGH
CVE-2025-55717
>= 7.0.0 and < 7.0.9
A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, Fort
4.0 MEDIUM
CVE-2025-54972
>= 7.0.0 and < 7.4.6
An improper neutralization of crlf sequences ('crlf injection') vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail
4.3 MEDIUM
CVE-2024-47569
>= 7.0.0 and < 7.2.7
An insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 throu
4.3 MEDIUM
CVE-2024-40588
>= 6.4.0 and < 7.4.4
Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.
4.4 MEDIUM
CVE-2025-32756
>= 7.0.0 and < 7.0.9
A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 a
9.8 CRITICAL
CVE-2023-33302
>= 5.4.0 and <= 5.4.12
A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interfa
4.7 MEDIUM
CVE-2021-24008
>= 6.0.0 and < 6.0.10
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0,
5.3 MEDIUM
CVE-2021-26091
>= 6.2.0 and < 6.4.5
A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encrypti
7.5 HIGH
CVE-2023-47539
all versions
An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enab
9.8 CRITICAL
CVE-2024-46663
>= 6.4.0 and < 7.2.7
A stack-buffer overflow vulnerability [CWE-121] in Fortinet FortiMail CLI version 7.6.0 through 7.6.1 and before 7.4.3 allows a pr
6.7 MEDIUM
CVE-2022-23439
>= 6.4.0 and < 7.0.4
An externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches
4.7 MEDIUM
CVE-2024-56497
>= 6.4.0 and < 6.4.8
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiMail versions 7.2.0
6.7 MEDIUM
CVE-2022-27488
>= 6.0.0 and <= 6.0.12
A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4
8.3 HIGH
CVE-2023-45582
>= 6.2.0 and <= 6.2.9
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7.2.0 through 7.
5.6 MEDIUM
CVE-2023-36633
>= 6.0.0 and < 7.0.6
An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an auth
5.4 MEDIUM
CVE-2023-36637
>= 7.0.1 and <= 7.0.5
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and
3.5 LOW
CVE-2023-36556
>= 6.0.0 and <= 6.0.12
An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 a
8.8 HIGH
CVE-2022-29056
>= 6.0.0 and < 6.0.10
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6
3.7 LOW
CVE-2022-39945
>= 6.0.0 and <= 6.0.12
An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.
5.4 MEDIUM
CVE-2022-26122
>= 6.0.0 and <= 6.0.12
An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines version
4.7 MEDIUM
CVE-2022-26114
< 7.2.0
An improper neutralization of input during web page generation vulnerability [CWE-79] in the Webmail of FortiMail before 7.2.0 may
5.4 MEDIUM
CVE-2022-22299
>= 6.4.0 and <= 6.4.5
A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version
7.8 HIGH
CVE-2021-32586
<= 5.4.12
An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated
7.7 HIGH
CVE-2021-36166
<= 5.4.12
An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administra
9.8 CRITICAL
CVE-2021-43062
>= 6.2.0 and < 6.2.8
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0
6.1 MEDIUM
CVE-2020-15933
<= 6.0.9
An exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.
5.3 MEDIUM
CVE-2021-32591
all versions
A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox befor
5.3 MEDIUM
CVE-2021-42757
>= 5.4.0 and <= 6.2.7
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authe
6.7 MEDIUM
CVE-2021-26095
>= 6.2.0 and <= 6.2.6
The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6
7.5 HIGH
CVE-2021-24015
>= 5.4.0 and <= 5.4.12
An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail be
7.2 HIGH
CVE-2021-24013
>= 5.4.0 and <= 5.4.12
Multiple Path traversal vulnerabilities in the Webmail of FortiMail before 6.4.4 may allow a regular user to obtain unauthorized a
8.8 HIGH
CVE-2021-26090
>= 6.2.0 and <= 6.2.6
A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 t
5.3 MEDIUM
CVE-2021-26099
>= 5.0 and < 7.0.0
Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in
4.4 MEDIUM
CVE-2021-26100
< 7.0.0
A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an unauthenticated attac
5.9 MEDIUM
CVE-2021-24020
>= 6.2.0 and <= 6.2.7
A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 throug
7.5 HIGH
CVE-2021-24007
<= 5.4.12
Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-aut
9.8 CRITICAL
CVE-2021-22129
<= 5.4.12
Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 m
8.8 HIGH
CVE-2020-9294
<= 5.4.10
An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEnterprise 6.0.0 and 6.0.1 ma
9.8 CRITICAL
CVE-2019-15712
<= 5.4.10
An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators
7.2 HIGH
CVE-2019-15707
<= 5.4.10
An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators
4.9 MEDIUM
CVE-2017-7732
all versions
A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3.0 through
6.1 MEDIUM
CVE-2017-3125
all versions
An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary s
6.1 MEDIUM
CVE-2015-3293
all versions
FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain credentials via the "diag debug application httpd" command.
CVE-2014-8617
<= 4.3.8
Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4
CVE-2013-1471
<= 4.0
Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin