Security Advisory

CVE-2021-24020

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-07-09 18:17:26
Last updated 2024-10-25 13:57:25
Assigner fortinet
State PUBLISHED

Description

A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification.