{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T04:53:14.779","vulnerabilities":[{"cve":{"id":"CVE-2021-24020","sourceIdentifier":"psirt@fortinet.com","published":"2021-07-09T19:15:08.197","lastModified":"2024-11-21T05:52:13.380","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification."},{"lang":"es","value":"Una falta de paso criptográfico en la implementación del algoritmo hash digest en FortiMail versiones 6.4.0 hasta 6.4.4, y versiones 6.2.0 hasta 6.2.7, puede permitir a un atacante no autenticado manipular las URLs firmadas al añadir más datos que permitan omitir la comprobación de la firma"}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-347"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndIncluding":"6.2.7","matchCriteriaId":"72F6AEF1-C5BF-4A9A-A843-A152AA168085"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"6.4.5","matchCriteriaId":"5DAB4EFB-D73F-4FC5-8FE7-278BADB9F78E"}]}]}],"references":[{"url":"https://fortiguard.com/advisory/FG-IR-21-027","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://fortiguard.com/advisory/FG-IR-21-027","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}