PSIRT Advisories

FortiMail - path traversal vulnerabilities

Summary

Multiple path traversal vulnerabilities in FortiMail Webmail may allow a regular user to obtain unauthorized access to files and data via specially crafted web requests.

Affected Products

FortiMail 6.4.4 and below.
FortiMail 6.2.6 and below.
FortiMail 6.0.10 and below.
FortiMail 5.4.12 and below.

Solutions

Upgrade to FortiMail 7.0.0.

Upgrade to FortiMail 6.4.5.

Upgrade to FortiMail 6.2.7.

Upgrade to FortiMail 6.0.11.

Fix for version 5.4 to be confirmed.

Acknowledgement

This issue was discovered by Giuseppe Cocomazzi of the Fortinet PSIRT Team during an internal security assessment.