| |
Vulnerability CVE-2021-26090
Published: 2021-07-12
| Description: |
A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests. |
Type:
CWE-401 (Improper Release of Memory Before Removing Last Reference ('Memory Leak'))
CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
5/10 |
2.9/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
None |
None |
Partial |
References: |
https://fortiguard.com/advisory/FG-IR-21-042
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
