CVE-2019-15707
First published: Thu Jan 23 2020(Updated: )
An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform system backup config download they should not be authorized for.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiMail | <=5.4.10 | |
| Fortinet FortiMail | >=6.0.0<=6.0.6 | |
| Fortinet FortiMail | =6.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-15707?
CVE-2019-15707 is an improper access control vulnerability in FortiMail admin webUI.
Which versions of FortiMail are affected by CVE-2019-15707?
FortiMail versions 6.2.0, 6.0.0 to 6.0.6, and 5.4.10 and below are affected by CVE-2019-15707.
What can an attacker do with CVE-2019-15707?
An attacker can perform unauthorized system backup config download using CVE-2019-15707.
How severe is CVE-2019-15707?
CVE-2019-15707 has a severity score of 4.9, which is considered medium severity.
How can I fix CVE-2019-15707?
To fix CVE-2019-15707, it is recommended to update FortiMail to a version that is not affected or apply any patches provided by the vendor.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/fortinet
- canonical/fortinet fortimail
- version/fortinet fortimail/5.4.10
- version/fortinet fortimail/6.0.0
- version/fortinet fortimail/6.0.6
- version/fortinet fortimail/6.2.0