Vulnerabilities > Fortinet > Fortimail > 6.4.0

DATE CVE VULNERABILITY TITLE RISK
2021-07-12 CVE-2021-26090 Memory Leak vulnerability in Fortinet Fortimail
A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests.
network
low complexity
fortinet CWE-401
7.5
2021-07-12 CVE-2021-26099 Unspecified vulnerability in Fortinet Fortimail
Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext.
network
low complexity
fortinet
4.9
2021-07-09 CVE-2021-22129 Classic Buffer Overflow vulnerability in Fortinet Fortimail
Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.
network
low complexity
fortinet CWE-120
8.8
2021-07-09 CVE-2021-24007 SQL Injection vulnerability in Fortinet Fortimail
Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
network
low complexity
fortinet CWE-89
critical
9.8
2021-07-09 CVE-2021-24020 Improper Verification of Cryptographic Signature vulnerability in Fortinet Fortimail
A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification.
network
low complexity
fortinet CWE-347
critical
9.8
2021-07-09 CVE-2021-26100 Improper Verification of Cryptographic Signature vulnerability in Fortinet Fortimail
A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible.
network
low complexity
fortinet CWE-347
7.5