{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T22:36:39.406","vulnerabilities":[{"cve":{"id":"CVE-2023-36556","sourceIdentifier":"psirt@fortinet.com","published":"2023-10-10T17:15:12.140","lastModified":"2024-11-21T08:09:55.593","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5, and versions below 6.4.7 allows an authenticated attacker to log in to other users' accounts from the same web domain via crafted HTTP or HTTPS requests."},{"lang":"es","value":"Una vulnerabilidad de autorización incorrecta [CWE-863] en el correo web FortiMail versión 7.2.0 a 7.2.2, versión 7.0.0 a 7.0.5 e inferior a 6.4.7 permite a un atacante autenticado iniciar sesión en cuentas de otros usuarios desde el mismo dominio web a través de solicitudes HTTP o HTTPS manipuladas."}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]},{"source":"nvd@nist.gov","type":"Pri
mary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndIncluding":"6.0.12","matchCriteriaId":"01F784BF-4F89-4938-9150-F911E3EB6CD0"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndIncluding":"6.2.9","matchCriteriaId":"AEDC7EE8-084C-4F9E-A510-E283FCDF9832"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndIncluding":"6.4.7","matchCriteriaId":"7D25AB0A-3B0C-40B5-8D7D-78DA7567F6F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndIncluding":"7.0.5","matchCriteriaId":"3A56C791-6437-4BA5-922C-3352FF5D8431"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*","matchCriteriaId":"BD3A9BF6-5A5E-4D25-BDB4-CD9AA9DA8580"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*","matchCriteriaId":"22B39FED-3BE4-4362-A071-93A235CE6089"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*","matchCriteriaId":"235B3CB6-E9A3-4849-AF87-954693BA2EDE"}]}]}],"references":[{"url":"https://fortiguard.com/psirt/FG-IR-23-202","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://fortiguard.com/psirt/FG-IR-23-202","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}