TTCSIRT-258.010620: TT-CSIRT ADVISORY - FORTIMAIL ADMIN PRIVILEGE ESCALATION
Two improper access control vulnerabilities in the FortiMail admin webUI may allow administrators to perform privileged functions they should not be authorized for.
Specifically, the two vulnerabilities are identified as follows:
CVE-2019-15712: improper access control to web console
CVE-2019-15707: improper access control to system backup config download
Impact: Improper Access Control
Affected Products: FortiMail 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below.
Solutions: Upgrade to 6.2.1, 6.0.7 or 5.4.11
For further review please see the following link: