{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T03:29:49.369","vulnerabilities":[{"cve":{"id":"CVE-2023-36633","sourceIdentifier":"psirt@fortinet.com","published":"2023-11-14T18:15:49.107","lastModified":"2024-11-21T08:10:08.090","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests."},{"lang":"es","value":"Una vulnerabilidad de autorización inadecuada [CWE-285] en el correo web FortiMail versión 7.2.0 a 7.2.2 y anteriores a 7.0.5 permite a un atacante autenticado ver y modificar el título de las carpetas de la libreta de direcciones de otros usuarios a través de solicitudes HTTP o HTTP manipuladas."}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-732"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"7.0.6","matchCriteriaId":"1068FC83-F326-45AA-BB89-1A8C05A1E8B5"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.3","matchCriteriaId":"0A21C673-9ED8-4D8F-838F-F587CFC57715"}]}]}],"references":[{"url":"https://fortiguard.com/psirt/FG-IR-23-203","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://fortiguard.com/psirt/FG-IR-23-203","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}