FortiMail - Unsafe handling of CGI environment parameters in web server framework
An improper input validation (CWE-20) vulnerability in the web server CGI facilities of FortiMail may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests.
FortiMail 6.4.5 and below.
FortiMail 6.2.7 and below.
FortiMail 6.0.11 and below.
FortiMail 5.4.12 and below.
Upgrade to FortiMail 7.0.1 or above.
Upgrade to FortiMail 6.4.6 or above.
Upgrade to FortiMail 6.2.8 or above.
Upgrade to FortiMail 6.0.12 or above.