Vulnerabilities > Fortinet > Fortimail > 6.4.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-01 | CVE-2021-36166 | Use of Insufficiently Random Values vulnerability in Fortinet Fortimail An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties. | 9.8 |
| 2022-02-02 | CVE-2021-43062 | Cross-site Scripting vulnerability in Fortinet Fortimail A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to the FortiGuard URI protection service. | 6.1 |
| 2021-12-08 | CVE-2021-42757 | Out-of-bounds Write vulnerability in Fortinet products A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. | 6.7 |
| 2021-07-12 | CVE-2021-26099 | Unspecified vulnerability in Fortinet Fortimail Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext. | 4.9 |
| 2021-07-09 | CVE-2021-26100 | Improper Verification of Cryptographic Signature vulnerability in Fortinet Fortimail A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible. | 7.5 |