CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24020

A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.2%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 7.5

References

Products affected by CVE-2021-24020

Fortinet » Fortimail » Version: 6.2.0

cpe:2.3:a:fortinet:fortimail:6.2.0
Fortinet » Fortimail » Version: 6.2.1

cpe:2.3:a:fortinet:fortimail:6.2.1
Fortinet » Fortimail » Version: 6.2.2

cpe:2.3:a:fortinet:fortimail:6.2.2
Fortinet » Fortimail » Version: 6.2.3

cpe:2.3:a:fortinet:fortimail:6.2.3
Fortinet » Fortimail » Version: 6.2.4

cpe:2.3:a:fortinet:fortimail:6.2.4
Fortinet » Fortimail » Version: 6.2.5

cpe:2.3:a:fortinet:fortimail:6.2.5
Fortinet » Fortimail » Version: 6.2.6

cpe:2.3:a:fortinet:fortimail:6.2.6
Fortinet » Fortimail » Version: 6.2.7

cpe:2.3:a:fortinet:fortimail:6.2.7
Fortinet » Fortimail » Version: 6.4.0

cpe:2.3:a:fortinet:fortimail:6.4.0
Fortinet » Fortimail » Version: 6.4.1

cpe:2.3:a:fortinet:fortimail:6.4.1
Fortinet » Fortimail » Version: 6.4.2

cpe:2.3:a:fortinet:fortimail:6.4.2
Fortinet » Fortimail » Version: 6.4.3

cpe:2.3:a:fortinet:fortimail:6.4.3
Fortinet » Fortimail » Version: 6.4.4

cpe:2.3:a:fortinet:fortimail:6.4.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24020

Products

Pricing

Contact Us