Inter-domain information leakage
Summary
An improper access control vulnerability [CWE-284] in FortiMail may allow an authenticated admin user assigned to a specific domain to access and modify other domains' information via insecure direct object references (IDOR).
Affected Products
FortiMail version 7.2.0
FortiMail version 7.0.0 through 7.0.3
FortiMail version 6.4.0 through 6.4.7
FortiMail version 6.2.0 through 6.2.9
FortiMail version 6.0.0 through 6.0.12
Solutions
Please upgrade to FortiMail version 7.2.1 or above
Please upgrade to FortiMail version 7.0.4 or above