CVE-2021-22129 HIGH

CVE-2021-22129

Vendor Fortinet
Product Fortinet FortiMail
Published July 9, 2021
Last update October 25, 2024

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.

Key dates

02Disclosure timeline

July 9, 2021 CVE published
October 25, 2024 Record updated