CVE Daily

CVE-2023-47539

An improper access control vulnerability in FortiMail version 7.4.0 configured w...

Critical CVSS 9.8

Overview

An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request.

CWE: CWE-284 Published: 2025-03-18T14:15:37.830
Risk analysis

This vulnerability is rated 🔴 CRITICAL.

  • CVSS: 9.8 (CRITICAL)
  • Detected tags: misconfiguration, unauth_access (tag impact: HIGH)

Recommended actions:

  • Enforce authentication/authorization; reduce default endpoint exposure.

Recommended tools

Tags