PT-2022-8580 · Fortinet · Fortimail
Published: 2022-01-05 · Updated: 2022-01-12 · CVE-2020-15933
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
FortiMail versions 6.0.9 and below
FortiMail versions 6.2.4 and below
FortiMail versions 6.4.1 and 6.4.0
Description
The issue allows an unauthorized actor to obtain potentially sensitive software-version information by inspecting client-side resources. This information exposure can give the actor insight into the system's configuration.
Recommendations
For FortiMail versions 6.0.9 and below, update to a version above 6.0.9 to resolve the issue.
For FortiMail versions 6.2.4 and below, update to a version above 6.2.4 to resolve the issue.
For FortiMail versions 6.4.1 and 6.4.0, update to a version above 6.4.1 to resolve the issue.
Fix
Information Disclosure
Affected Products
Fortimail