FortiMail / FortiNDR / FortiWeb - Path traversal vulnerabilities
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-21-014
Final
1
1
2021-07-07T00:00:00
Current version
2021-07-07T00:00:00
2021-07-07T00:00:00
Multiple path traversal vulnerabilities in FortiMail, FortiNDR and FortiWeb may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests.
Unauthorized access to files.
FortiMail 6.4.3 and below.
FortiMail 6.2.6 and below.
FortiMail 6.0.10 and below.
FortiMail 5.4.12 and below.
At least FortiWeb version 5.9.0 through 5.9.2
FortiWeb version 6.0.0 through 6.0.8
FortiWeb version 6.1.0 through 6.1.3
FortiWeb version 6.2.0 through 6.2.7
FortiWeb version 6.3.0 through 6.3.17
FortiWeb version 6.4.0 through 6.4.2
FortiWeb version 7.0.0
FortiNDR version 1.1.0
FortiNDR version 1.2.0
FortiNDR version 1.3.0 through 1.3.1
FortiNDR version 1.4.0
FortiNDR version 1.5.0 through 1.5.3
Upgrade to FortiMail version 7.0.0 or above.
Upgrade to FortiMail version 6.4.4 or above.
Upgrade to FortiMail version 6.2.7 or above.
Upgrade to FortiMail version 6.0.11 or above.
Upgrade to FortiNDR version 7.0.0 or above.
Please upgrade to FortiWeb version 7.0.1 or above.
Please upgrade to FortiWeb version 6.4.3 or above.
Please upgrade to FortiWeb version 6.3.18 or above.
This issue was discovered by Giuseppe Cocomazzi of the Fortinet PSIRT Team during an internal security assessment.
FortiMail 6.4.4
FortiMail 6.4.3
FortiMail 6.4.2
FortiMail 6.4.1
FortiMail 6.4.0
FortiMail 6.2.6
FortiMail 6.2.5
FortiMail 6.2.4
FortiMail 6.2.3
FortiMail 6.2.2
FortiMail 6.2.1
FortiMail 6.2.0
FortiMail 6.0.12
FortiMail 6.0.11
FortiMail 6.0.10
FortiMail 6.0.9
FortiMail 6.0.8
FortiMail 6.0.7
FortiMail 6.0.6
FortiMail 6.0.5
FortiMail 6.0.4
FortiMail 6.0.3
FortiMail 6.0.2
FortiMail 6.0.1
FortiMail 6.0.0
FortiMail 5.4.12
FortiMail 5.4.11
FortiMail 5.4.10
FortiMail 5.4.9
FortiMail 5.4.8
FortiMail 5.4.7
FortiMail 5.4.6
FortiMail 5.4.5
FortiMail 5.4.4
FortiMail 5.4.3
FortiMail 5.4.2
FortiMail 5.4.1
FortiMail 5.4.0
FortiMail 5.3.13
FortiMail 5.3.12
FortiMail 5.3.10
FortiMail 5.3.9
FortiMail 5.3.8
FortiMail 5.3.7
FortiMail 5.3.6
FortiMail 5.3.5
FortiMail 5.3.4
FortiMail 5.3.3
FortiMail 5.3.2
FortiMail 5.3.1
FortiMail 5.3.0
FortiMail 5.2.10
FortiMail 5.2.9
FortiMail 5.2.8
FortiMail 5.2.7
FortiMail 5.2.6
FortiMail 5.2.5
FortiMail 5.2.4
FortiMail 5.2.3
FortiMail 5.2.2
FortiMail 5.2.1
FortiMail 5.2.0
FortiMail 5.1.7
FortiMail 5.1.6
FortiMail 5.1.5
FortiMail 5.1.4
FortiMail 5.1.3
FortiMail 5.1.2
FortiMail 5.1.1
FortiMail 5.1.0
FortiMail 5.0.11
FortiMail 5.0.10
FortiMail 5.0.9
FortiMail 5.0.8
FortiMail 5.0.7
FortiMail 5.0.6
FortiMail 5.0.5
FortiMail 5.0.4
FortiMail 5.0.3
FortiMail 5.0.2
FortiMail 5.0.1
FortiMail 5.0.0
FortiNDR 1.5.3
FortiNDR 1.5.2
FortiNDR 1.5.1
FortiNDR 1.5.0
FortiNDR 1.4.0
FortiNDR 1.3.1
FortiNDR 1.3.0
FortiNDR 1.2.0
FortiNDR 1.1.0
FortiWeb 7.0.0
FortiWeb 6.4.2
FortiWeb 6.4.1
FortiWeb 6.4.0
FortiWeb 6.3.17
FortiWeb 6.3.16
FortiWeb 6.3.15
FortiWeb 6.3.14
FortiWeb 6.3.13
FortiWeb 6.3.12
FortiWeb 6.3.11
FortiWeb 6.3.10
FortiWeb 6.3.9
FortiWeb 6.3.8
FortiWeb 6.3.7
FortiWeb 6.3.6
FortiWeb 6.3.5
FortiWeb 6.3.4
FortiWeb 6.3.3
FortiWeb 6.3.2
FortiWeb 6.3.1
FortiWeb 6.3.0
FortiWeb 6.2.8
FortiWeb 6.2.7
FortiWeb 6.2.6
FortiWeb 6.2.5
FortiWeb 6.2.4
FortiWeb 6.2.3
FortiWeb 6.2.2
FortiWeb 6.2.1
FortiWeb 6.2.0
FortiWeb 6.1.4
FortiWeb 6.1.3
FortiWeb 6.1.2
FortiWeb 6.1.1
FortiWeb 6.1.0
FortiWeb 6.0.8
FortiWeb 6.0.7
FortiWeb 6.0.6
FortiWeb 6.0.5
FortiWeb 6.0.4
FortiWeb 6.0.3
FortiWeb 6.0.2
FortiWeb 6.0.1
FortiWeb 6.0.0
FortiWeb 5.9.2
FortiWeb 5.9.1
FortiWeb 5.9.0
CVE-2021-24013
8.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-21-014