Known vulnerabilities in Fortinet, Inc FortiMail

Vendor: Fortinet, Inc

Website: https://www.fortinet.com/

Total Security Bulletins: 26

Security bulletins (26)

Secuity bulletin	Severity	Status	Published
SB2025111875: CRLF header injection in FortiMail	Low	Patched	18.11.2025
SB2025101507: Insertion of Sensitive Information Into Sent Data in Fortinet products	Low	Patched	15.10.2025
SB2025081298: Relative path traversal in Fortinet products	Low	Patched	12.08.2025
SB20250513104: Remote code execution in Fortinet products	Critical	Patched Exploited	13.05.2025
SB2025040982: Privilege escalation in FortiMail and FortiRecorder	Low	Patched	09.04.2025
SB2025031204: Privilege escalation in FortiMail	Low	Patched	12.03.2025
SB2024101444: FortiMail update for OpenSSH regreSSHion attack	High	Patched Public exploit	14.10.2024
SB2023121510: CSRF in FortiMail HTTPd CLI console	Medium	Patched	15.12.2023
SB2023121509: Authentication bypass in FortiMail	High	Patched	15.12.2023
SB2023112013: Improper Authorization in Fortinet FortiMail	Medium	Patched	20.11.2023
SB2023112012: Improper Restriction of Excessive Authentication Attempts in Fortinet FortiMail	Medium	Patched	20.11.2023
SB2023101244: Multiple vulnerabilities in Fortinet FortiMail	Medium	Patched	12.10.2023
SB2023041203: Denial of service in FortiAuthenticator, FortiDeceptor and FortiMail	Low	Patched	12.04.2023
SB2022110231: Insufficient verification of data authenticity in Fortinet AV Engine	Medium	Patched	02.11.2022
SB2022110219: Improper access control in Fortinet FortiMail	Low	Patched	02.11.2022
SB2022090660: Cross-site scripting in FortiMail	Medium	Patched	06.09.2022
SB2022080236: Format string error in FortiMail	Low	Patched	02.08.2022
SB2022040424: Denial of service in FortiMail OpenSSL library	Medium	Not patched	04.04.2022
SB2022030125: Multiple vulnerabilities in Fortinet FortiMail	High	Patched	01.03.2022
SB2022020174: Cross-site scripting in FortiMail	Medium	Patched Public exploit	01.02.2022
SB2021120721: Information disclosure in FortiMail	Medium	Not patched	07.12.2021
SB2021071352: Multiple vulnerabilities in Fortinet FortiMail	High	Patched	13.07.2021
SB2020110315: Information disclosure in Fortinet FortiMai	Low	Patched	03.11.2020
SB2020042719: Authentication bypass in Fortinet FortiMail and FortiVoice Entreprise	High	Patched Public exploit	27.04.2020
SB2019101810: Multiple vulnerabilities in Fortinet FortiMail	Medium	Patched Public exploit	18.10.2019
SB2017101310: Cross-site scripting in Fortinet FortiMail	Low	Patched	13.10.2017