Vulnerabilities > Fortinet > Fortimail > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-01 | CVE-2021-32586 | Improper Input Validation vulnerability in Fortinet Fortimail An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests. | 9.8 |
| 2022-03-01 | CVE-2021-36166 | Use of Insufficiently Random Values vulnerability in Fortinet Fortimail An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties. | 9.8 |
| 2021-07-09 | CVE-2021-24020 | Improper Verification of Cryptographic Signature vulnerability in Fortinet Fortimail A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification. | 9.8 |
| 2021-07-09 | CVE-2021-24007 | SQL Injection vulnerability in Fortinet Fortimail Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | 9.8 |
| 2020-04-27 | CVE-2020-9294 | Improper Authentication vulnerability in Fortinet Fortimail An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface. | 9.8 |