Fortiguard

FortiMail software-version detection vulnerability

Summary

An exposure of sensitive information to an unauthorized actor vulnerability in FortiMail may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file.

Affected Products

FortiMail versions 6.0.9 and below.
FortiMail versions 6.2.4 and below
FortiMail versions 6.4.1 and below.

Solutions

Please upgrade to FortiMail versions 6.0.10 or above.

Please upgrade to FortiMail versions 6.2.5 or above.

Please upgrade to FortiMail versions 6.4.2 or above.

Acknowledgement

Fortinet is pleased to thank Patrick Schmid from Redguard for reporting this vulnerability under responsible disclosure.

IR Number	FG-IR-20-105
Date	Nov 3, 2020
Severity	Medium
CVSSv3 Score	5.2
Impact	Information disclosure.
CVE ID	CVE-2021-24008
CVRF	Download

Network

Files and Endpoint

Application

Additional SOC Services

PSIRT Advisories

FortiMail software-version detection vulnerability

Summary

Affected Products

Solutions

Acknowledgement

News / Research

Network

Files and Endpoint

Application

Additional SOC Services

FortiGate

FortiDeceptor

FortiClient

FortiMail

FortiEDR

FortiADC

FortiAnalyzer

FortiCWP

FortiWeb

FortiNDR

FortiSandBox

FortiTester

Threat Lookup

PSIRT

Resources

PSIRT Advisories

FortiMail software-version detection vulnerability

Summary

Affected Products

Solutions

Acknowledgement