FG-IR-20-105: Unauthenticated user can determine software-version information
First published: Tue Nov 03 2020(Updated: )
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiMail may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet Fortimail-200d |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of FG-IR-20-105?
The severity of FG-IR-20-105 is considered to be critical due to the risk of unauthorized access to sensitive software-version information.
How do I fix FG-IR-20-105?
To fix FG-IR-20-105, Fortinet users should update their FortiMail to the latest version that includes patches addressing this vulnerability.
Who is affected by FG-IR-20-105?
The FG-IR-20-105 vulnerability affects users of Fortinet FortiMail software, particularly those running vulnerable versions.
What information can be exposed due to FG-IR-20-105?
FG-IR-20-105 can expose sensitive software-version information to unauthorized attackers.
Can FG-IR-20-105 be exploited remotely?
Yes, FG-IR-20-105 can be exploited remotely by unauthenticated attackers.
- collector/fortiguard-psirt-latest
- source/FortiGuard
- alias/CVE-2020-15933
- agent/source
- agent/type
- collector/fortiguard-psirt
- alias/CVE-2021-24008
- agent/last-modified-date
- agent/title
- agent/severity
- agent/references
- agent/first-publish-date
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/fortinet
- canonical/fortinet fortimail-200d