PSIRT Advisory

FortiMail software-version detection vulnerability

Summary

An exposure of sensitive information to an unauthorized actor vulnerability in FortiMail may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file.

Impact

Information disclosure.

Affected Products

FortiMail versions 6.0.9 and below.
FortiMail versions 6.2.4 and below.
FortiMail versions 6.4.1 and below.

Solutions

Please upgrade to FortiMail versions 6.0.10 or above.
Please upgrade to FortiMail versions 6.2.5 or above.
Please upgrade to FortiMail versions 6.4.2 or above.

Acknowledgement

Fortinet is pleased to thank Patrick Schmid from Redguard for reporting this vulnerability under responsible disclosure.