CVE-2021-26099
First published: Mon Jul 12 2021(Updated: )
Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext.
Credit: psirt@fortinet.com psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiMail | >=5.0<7.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this FortiMail issue?
The vulnerability ID for this FortiMail issue is CVE-2021-26099.
What is the severity of CVE-2021-26099?
The severity of CVE-2021-26099 is medium with a severity value of 4.9.
How does the vulnerability in FortiMail allow an attacker to compromise confidentiality?
The vulnerability in FortiMail allows an attacker who obtains the encrypted master keys to compromise their confidentiality by observing certain properties of the ciphertext.
Which versions of FortiMail are affected by this vulnerability?
Versions of FortiMail before 7.0.0 are affected by this vulnerability.
Where can I find more information about CVE-2021-26099?
You can find more information about CVE-2021-26099 on the FortiGuard Advisory page: https://fortiguard.com/advisory/FG-IR-20-244.
- collector/nvd-api
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/fortinet
- canonical/fortinet fortimail
- version/fortinet fortimail/5.0