CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-26095

The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and alter or forge its content, thereby escalating privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 53.2%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 6.5

References

Products affected by CVE-2021-26095

Fortinet » Fortimail » Version: 6.2.0

cpe:2.3:a:fortinet:fortimail:6.2.0
Fortinet » Fortimail » Version: 6.2.1

cpe:2.3:a:fortinet:fortimail:6.2.1
Fortinet » Fortimail » Version: 6.2.2

cpe:2.3:a:fortinet:fortimail:6.2.2
Fortinet » Fortimail » Version: 6.2.3

cpe:2.3:a:fortinet:fortimail:6.2.3
Fortinet » Fortimail » Version: 6.2.4

cpe:2.3:a:fortinet:fortimail:6.2.4
Fortinet » Fortimail » Version: 6.2.5

cpe:2.3:a:fortinet:fortimail:6.2.5
Fortinet » Fortimail » Version: 6.2.6

cpe:2.3:a:fortinet:fortimail:6.2.6
Fortinet » Fortimail » Version: 6.4.0

cpe:2.3:a:fortinet:fortimail:6.4.0
Fortinet » Fortimail » Version: 6.4.1

cpe:2.3:a:fortinet:fortimail:6.4.1
Fortinet » Fortimail » Version: 6.4.2

cpe:2.3:a:fortinet:fortimail:6.4.2
Fortinet » Fortimail » Version: 6.4.3

cpe:2.3:a:fortinet:fortimail:6.4.3
Fortinet » Fortimail » Version: 6.4.4

cpe:2.3:a:fortinet:fortimail:6.4.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-26095

Products

Pricing

Contact Us