PSIRT Advisory
FortiMail software-version detection vulnerability
Summary
An exposure of sensitive information to an unauthorized actor vulnerability in FortiMail may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file.
Impact
Information disclosure.
Affected Products
FortiMail versions 6.0.9 and below. FortiMail versions 6.2.4 and below FortiMail versions 6.4.1 and below.
Solutions
Please upgrade to FortiMail versions 6.0.10 or above. Please upgrade to FortiMail versions 6.2.5 or above. Please upgrade to FortiMail versions 6.4.2 or above.
Acknowledgement
Fortinet is pleased to thank Patrick Schmid from Redguard for reporting this vulnerability under responsible disclosure.