CVE-2019-15707

Name of the Vulnerable Software and Affected Versions FortiMail versions 5.4.10 and below FortiMail versions 6.0.0 through 6.0.6 FortiMail version 6.2.0

Description The issue is related to improper access control in the FortiMail admin webUI, which may allow a remote attacker to bypass existing security restrictions and gain unauthorized access to the application. This could enable administrators to perform actions they are not authorized for, such as downloading system backup configurations.

Recommendations For FortiMail versions 5.4.10 and below, update to a version above 5.4.10 to resolve the issue. For FortiMail versions 6.0.0 through 6.0.6, update to a version above 6.0.6 to resolve the issue. For FortiMail version 6.2.0, update to a version above 6.2.0 to resolve the issue.