A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.
Please upgrade to FortiAuthenticator version 6.5.0 or above,
Please upgrade to FortiDeceptor version 3.2.0 or above.
Please upgrade to FortiMail version 6.4.1 or above,
Please upgrade to FortiMail version 6.2.5 or above,
Please upgrade to FortiMail version 6.0.10 or above.