PSIRT Advisories
FortiMail - path traversal vulnerabilities
Summary
Multiple Path traversal vulnerabilities in FortiMail Webmail may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests.
Affected Products
FortiMail 6.4.4 and below.
FortiMail 6.2.6 and below.
FortiMail 6.0.10 and below.
FortiMail 5.4.12 and below.
Solutions
Upgrade to FortiMail 7.0.0.
Upgrade to FortiMail 6.4.5.
Upgrade to FortiMail 6.2.7.
Upgrade to FortiMail 6.0.11.
Fix for version 5.4 to be confirmed.