CVE-2021-32586 HIGH

CVE-2021-32586

Vendor Fortinet
Product Fortinet FortiMail
Published March 1, 2022
Last update October 25, 2024

CVSS base score

7.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L/E:P/RL:X/RC:X

What the vulnerability does

01Description

An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests.

Key dates

02Disclosure timeline

March 1, 2022 CVE published
October 25, 2024 Record updated