ID

VAR-202011-1493


CVE

CVE-2020-15933


TITLE

Fortinet FortiMail vulnerability regarding information leakage

Trust: 0.8

sources: JVNDB: JVNDB-2020-017518

DESCRIPTION

An exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below, and FortiMail versions 6.4.1 and 6.4.0 allows an attacker to obtain potentially sensitive software-version information via client-side resources inspection. Fortinet FortiMail contains a vulnerability related to information leakage. Information may be obtained. Fortinet FortiMail is a suite of e-mail security gateway products from Fortinet. The product provides features such as email security and data protection. Affected products and software versions are as follows: FortiMail 6.0.9 and earlier, FortiMail 6.2.4 and earlier, FortiMail 6.4.1 and earlier.

Trust: 1.8

sources: NVD: CVE-2020-15933 // JVNDB: JVNDB-2020-017518 // VULHUB: VHN-168961 // VULMON: CVE-2020-15933

AFFECTED PRODUCTS

vendor: fortinet, model: fortimail, scope: eq, version: 6.2.1

Trust: 1.0

vendor: fortinet, model: fortimail, scope: eq, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: eq, version: 6.2.3

Trust: 1.0

vendor: fortinet, model: fortimail, scope: eq, version: 6.2.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: eq, version: 6.2.4

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lte, version: 6.0.9

Trust: 1.0

vendor: fortinet, model: fortimail, scope: eq, version: 6.4.1

Trust: 1.0

vendor: fortinet, model: fortimail, scope: eq, version: 6.2.2

Trust: 1.0

vendor: フォーティネット, model: fortimail, scope: lte, version: 6.0.9 and earlier

Trust: 0.8

vendor: フォーティネット, model: fortimail, scope: eq, version: -

Trust: 0.8

vendor: フォーティネット, model: fortimail, scope: eq, version: 6.4.1

Trust: 0.8

vendor: フォーティネット, model: fortimail, scope: lte, version: 6.2.4 and earlier

Trust: 0.8

vendor: フォーティネット, model: fortimail, scope: eq, version: 6.4.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-017518 // NVD: CVE-2020-15933

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-15933
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2020-15933
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-15933
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202011-248
value: MEDIUM

Trust: 0.6

VULHUB: VHN-168961
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-15933
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-168961
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-15933
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 2.0

OTHER: JVNDB-2020-017518
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-168961 // JVNDB: JVNDB-2020-017518 // CNNVD: CNNVD-202011-248 // NVD: CVE-2020-15933 // NVD: CVE-2020-15933

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

problemtype: information leak (CWE-200) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-168961 // JVNDB: JVNDB-2020-017518 // NVD: CVE-2020-15933

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-248

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202011-248

PATCH

title: FG-IR-20-105, url: https://www.fortiguard.com/psirt/FG-IR-20-105

Trust: 0.8

title: Fortinet FortiMail Remediation measures for authorization problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=132065

Trust: 0.6

sources: JVNDB: JVNDB-2020-017518 // CNNVD: CNNVD-202011-248

EXTERNAL IDS

db: NVD, id: CVE-2020-15933

Trust: 3.4

db: JVNDB, id: JVNDB-2020-017518

Trust: 0.8

db: CNNVD, id: CNNVD-202011-248

Trust: 0.7

db: AUSCERT, id: ESB-2020.3792

Trust: 0.6

db: VULHUB, id: VHN-168961

Trust: 0.1

db: VULMON, id: CVE-2020-15933

Trust: 0.1

sources: VULHUB: VHN-168961 // VULMON: CVE-2020-15933 // JVNDB: JVNDB-2020-017518 // CNNVD: CNNVD-202011-248 // NVD: CVE-2020-15933

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-20-105

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-15933

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.3792/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-168961 // VULMON: CVE-2020-15933 // JVNDB: JVNDB-2020-017518 // CNNVD: CNNVD-202011-248 // NVD: CVE-2020-15933

SOURCES

db: VULHUB, id: VHN-168961
db: VULMON, id: CVE-2020-15933
db: JVNDB, id: JVNDB-2020-017518
db: CNNVD, id: CNNVD-202011-248
db: NVD, id: CVE-2020-15933

LAST UPDATE DATE

2024-08-14T13:43:46.299000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-168961, date: 2022-01-12T00:00:00
db: VULMON, id: CVE-2020-15933, date: 2022-01-05T00:00:00
db: JVNDB, id: JVNDB-2020-017518, date: 2023-01-18T01:41:00
db: CNNVD, id: CNNVD-202011-248, date: 2022-01-13T00:00:00
db: NVD, id: CVE-2020-15933, date: 2022-01-12T20:03:45.657

SOURCES RELEASE DATE

db: VULHUB, id: VHN-168961, date: 2022-01-05T00:00:00
db: VULMON, id: CVE-2020-15933, date: 2022-01-05T00:00:00
db: JVNDB, id: JVNDB-2020-017518, date: 2023-01-18T00:00:00
db: CNNVD, id: CNNVD-202011-248, date: 2020-11-04T00:00:00
db: NVD, id: CVE-2020-15933, date: 2022-01-05T12:15:07.977