PT-2022-25140 · Fortinet · FortiMail

Published: 2022-11-02 · Updated: 2022-11-03 · CVE-2022-39945

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: FortiMail versions 6.0 through 7.2.0

Description: The issue allows an authenticated admin user assigned to a specific domain to access and modify other domains' information via insecure direct object references (IDOR): the domain-level resource is selected by a client-supplied identifier without checking that the requesting admin is actually assigned to that domain. This is due to an improper access control vulnerability.

Recommendations: For FortiMail versions 6.0 through 7.2.0, consider restricting access to sensitive domain information to prevent unauthorized modifications until a patch is available. As a temporary workaround, limit the privileges of admin users to their assigned domains to minimize the risk of exploitation.
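To make the access-control failure described above concrete from the defender's side, here is an added example (written for this page; it is not FortiMail code and says nothing about FortiMail's internals). It models a hypothetical domain-scoped admin store with two lookups: one that trusts the client-supplied domain name alone (the IDOR pattern), and one that checks the admin's assignment before touching the object, denies by default, and records every denial so such attempts show up in logs. All names, domains and settings are constructed for the example.

```python
"""Hypothetical domain-scoped authorization check (added example, not FortiMail code)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Admin:
    username: str
    domains: frozenset  # domains this admin is assigned to (constructed sample data)


@dataclass
class DomainSettings:
    name: str
    relay_host: str


class PermissionDenied(Exception):
    """Raised when an admin touches a domain outside their assignment."""


class DomainStore:
    def __init__(self):
        self._domains: dict[str, DomainSettings] = {}
        # Audit trail of denied attempts: (username, domain, action).
        self.denials: list[tuple[str, str, str]] = []

    def add(self, settings: DomainSettings) -> None:
        self._domains[settings.name] = settings

    def get_domain_insecure(self, admin: Admin, domain_name: str) -> DomainSettings:
        """IDOR pattern: the object is selected purely by the client-supplied
        identifier; the admin's assignment is never consulted."""
        return self._domains[domain_name]

    def _authorize(self, admin: Admin, domain_name: str, action: str) -> None:
        """Deny by default: the check runs before the lookup, so an admin
        cannot learn whether a domain outside their scope even exists."""
        if domain_name not in admin.domains:
            self.denials.append((admin.username, domain_name, action))
            raise PermissionDenied(
                f"{admin.username} is not assigned to domain {domain_name!r}"
            )

    def get_domain(self, admin: Admin, domain_name: str) -> DomainSettings:
        """Hardened read: authorization precedes the object lookup."""
        self._authorize(admin, domain_name, "read")
        return self._domains[domain_name]

    def update_relay_host(self, admin: Admin, domain_name: str, relay_host: str) -> DomainSettings:
        """Hardened write: reuses the same check so reads and writes cannot drift apart."""
        self._authorize(admin, domain_name, "write")
        settings = self._domains[domain_name]
        settings.relay_host = relay_host
        return settings


def build_sample_store() -> DomainStore:
    """Constructed sample data for the example."""
    store = DomainStore()
    store.add(DomainSettings("example.com", "mx1.example.com"))
    store.add(DomainSettings("other.org", "mx1.other.org"))
    return store


if __name__ == "__main__":
    store = build_sample_store()
    alice = Admin("alice", frozenset({"example.com"}))  # scoped to one domain
    # The insecure lookup hands back another domain's settings.
    print(store.get_domain_insecure(alice, "other.org"))
    # The hardened lookup refuses and leaves an audit record.
    try:
        store.get_domain(alice, "other.org")
    except PermissionDenied as exc:
        print("denied:", exc)
    print("audit trail:", store.denials)
```

The design point is that the authorization decision is a single function called by every read and write path, keyed on the admin's assignment rather than on the identifier the client sent; the denial log gives operations a signal to alert on when an admin repeatedly requests domains outside their scope.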

Weakness Enumeration: IDOR

Related Identifiers: CVE-2022-39945

Affected Products: FortiMail