Описание
Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ipswitch:imail:6.1:*:*:*:*:*:*:*
cpe:2.3:a:ipswitch:imail:6.2:*:*:*:*:*:*:*
cpe:2.3:a:ipswitch:imail:6.3:*:*:*:*:*:*:*
cpe:2.3:a:ipswitch:imail:6.4:*:*:*:*:*:*:*
cpe:2.3:a:ipswitch:imail:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ipswitch:imail:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ipswitch:imail:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ipswitch:imail:7.0.4:*:*:*:*:*:*:*
EPSS
Процентиль: 68%
0.0057
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain.
EPSS
Процентиль: 68%
0.0057
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other