QID 378008
Date Published: 2023-07-05
QID 378008: FortiMail Inter-Domain Information Leakage Vulnerability (FG-IR-22-066)
FortiMail provides a platform with powerful, integrated capabilities to prevent, detect, and respond to email-based threats, with flexible deployment options to address on-premises, cloud, and hybrid email use cases.
An improper access control vulnerability [CWE-284] in FortiMail may allow an authenticated admin user assigned to a specific domain to access and modify other domains' information via insecure direct object references (IDOR).
Affected Version
FortiMail versions: 7.2.0, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.12, 6.0.11, 6.0.10, 6.0.1, 6.0.0
QID Detection Logic (Authenticated):
The QID runs the command to get system status and matches the result against the affected versions.
Successful exploitation may impact confidentiality, integrity, and availability.
Customers are advised to refer to FG-IR-22-066 for more information.
- FG-IR-22-066: www.fortiguard.com/psirt/FG-IR-22-066
CVEs related to QID 378008
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| FG-IR-22-066 | | | |