Описание
A exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below FortiMail versions 6.4.1 and 6.4.0 allows attacker to obtain potentially sensitive software-version information via client-side resources inspection.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.0.9 (включая)
Одно из
cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*
EPSS
Процентиль: 47%
0.00237
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
около 4 лет назад
A exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below FortiMail versions 6.4.1 and 6.4.0 allows attacker to obtain potentially sensitive software-version information via client-side resources inspection.
EPSS
Процентиль: 47%
0.00237
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200