FortiMail software-version detection vulnerability

Summary

An exposure of sensitive information to an unauthorized actor vulnerability in FortiMail may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file.

Affected Products

FortiMail versions 6.0.9 and below.
FortiMail versions 6.2.4 and below
FortiMail versions 6.4.1 and below.

Solutions

Please upgrade to FortiMail versions 6.0.10 or above.

Please upgrade to FortiMail versions 6.2.5 or above.

Please upgrade to FortiMail versions 6.4.2 or above.

Acknowledgement

Fortinet is pleased to thank Patrick Schmid from Redguard for reporting this vulnerability under responsible disclosure.