CVE-2023-36633

MEDIUM Year: 2023
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-285
View all →

Vulnerability Description

An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests.

Related Vulnerabilities

CVE-2018-16086

MEDIUM
CVSS:5.4(Medium)

Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via...

CWE-2852018

CVE-2019-14870

MEDIUM
CVSS:5.4(Medium)

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clien...

CWE-2852019

CVE-2019-1842

MEDIUM
CVSS:5.4(Medium)

A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct...

CWE-2852019

CVE-2020-3267

MEDIUM
CVSS:5.4(Medium)

A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent. The vulnerabilit...

CWE-2852020

CVE-2021-42331

MEDIUM
CVSS:5.4(Medium)

The “Study Edit” function of ShinHer StudyOnline System does not perform permission control. After logging in with user’s privilege, remote attackers can access and edit other users’ tutorial schedule...

CWE-2852021

CVE-2022-0829

MEDIUM
CVSS:5.4(Medium)

Improper Authorization in GitHub repository webmin/webmin prior to 1.990.

CWE-2852022