FortiMail - Inter-domain information leakage
Summary
An improper access control vulnerability [CWE-284] in FortiMail may allow an authenticated admin user assigned to a specific domain to access and modify other domains' information via insecure direct object references (IDOR).
Affected Products
FortiMail version 7.2.0
FortiMail version 7.0.0 through 7.0.3
FortiMail version 6.4.0 through 6.4.7
FortiMail version 6.2.0 through 6.2.9
FortiMail version 6.0.0 through 6.0.12
Solutions
Please upgrade to FortiMail version 7.2.1 or above
Please upgrade to FortiMail version 7.0.4 or above