PSIRT Advisories

FortiMail - Unsafe handling of CGI environment parameters in web server framework

Summary

An improper input validation (CWE-20) vulnerability in the web server CGI facilities of FortiMail may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests.

Affected Products

FortiMail 7.0.0.
FortiMail 6.4.5 and below.
FortiMail 6.2.7 and below.
FortiMail 6.0.11 and below.
FortiMail 5.4.12 and below.

Solutions

Upgrade to FortiMail 7.0.1 or above.
Upgrade to FortiMail 6.4.6 or above.
Upgrade to FortiMail 6.2.8 or above.
Upgrade to FortiMail 6.0.12 or above.
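For checking an appliance inventory against the version ranges listed above, the following is an added example (not Fortinet's code and not part of this advisory). It assumes the "X.Y.Z and below" wording applies within the X.Y branch only, that versions are plain three-part numbers, and that a branch the advisory does not mention is reported as unlisted rather than as safe; the 5.4 branch is marked affected with no fixed release, since the advisory lists none.

```python
"""Classify FortiMail version strings against the advisory's affected/fixed ranges.

Added example for inventory review; the table below is transcribed from the
advisory text, and the per-branch interpretation is an assumption.
"""
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# branch -> (last affected release, first fixed release or None if not listed)
ADVISORY: Dict[Tuple[int, int], Tuple[Version, Optional[Version]]] = {
    (7, 0): ((7, 0, 0), (7, 0, 1)),
    (6, 4): ((6, 4, 5), (6, 4, 6)),
    (6, 2): ((6, 2, 7), (6, 2, 8)),
    (6, 0): ((6, 0, 11), (6, 0, 12)),
    (5, 4): ((5, 4, 12), None),  # no fixed release listed on the advisory
}


def parse_version(text: str) -> Version:
    """Parse 'X.Y.Z' (an optional leading 'v' is tolerated) into a tuple."""
    cleaned = text.strip().lstrip("vV")
    parts = cleaned.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiMail version string: {text!r}")
    return (int(parts[0]), int(parts[1]), int(parts[2]))


def assess(version_text: str) -> str:
    """Return one of: 'not listed', 'not affected', or an 'affected ...' verdict."""
    version = parse_version(version_text)
    entry = ADVISORY.get(version[:2])
    if entry is None:
        return "not listed"
    last_affected, first_fixed = entry
    if version <= last_affected:
        if first_fixed is None:
            return "affected (no fixed release listed)"
        return f"affected; upgrade to {'.'.join(map(str, first_fixed))} or above"
    return "not affected"


def assess_inventory(versions: Dict[str, str]) -> Dict[str, str]:
    """Map hostname -> version string to hostname -> verdict (constructed input in main)."""
    return {host: assess(ver) for host, ver in versions.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts
    sample = {"mail-a.example": "6.4.5", "mail-b.example": "7.0.1", "mail-c.example": "5.4.9"}
    for host, verdict in assess_inventory(sample).items():
        print(f"{host}: {verdict}")
```

Any host reported as affected should be scheduled for the upgrade named in the verdict; a 5.4 result with no fixed release listed needs a move to a branch that has one.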

Acknowledgement

Internally discovered and reported by Giuseppe Cocomazzi of Fortinet Product Security team.