Description
A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
Affected products
- fortinet / Fortinet FortiMailFortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 – FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6