exploitDog

CVE-2019-12923

Published: 08 Jul 2019
Source: nvd
CVSS3: 6.5
CVSS2: 4.3
EPSS: Low

Description

In MailEnable Enterprise Premium 10.23, the potential cross-site request forgery (CSRF) protection mechanism was not implemented correctly and it was possible to bypass it by removing the anti-CSRF token parameter from the request. This could allow an attacker to manipulate a user into unwittingly performing actions within the application (such as sending email, adding contacts, or changing settings) on behalf of the attacker.
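The flaw class described above (CWE-352, a token check that only runs when the token parameter is present) is easiest to see beside its fail-closed counterpart. The following is an added illustration and is not MailEnable's code: the Session and Request objects, the check functions and the "send mail" handler are all constructed for the example.

```python
"""Vulnerable vs. hardened anti-CSRF token validation.

Added illustration of the flaw class in CVE-2019-12923 (CWE-352); this is not
MailEnable's code. The Session/Request objects, the check functions and the
handler are constructed for the example.
"""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    """Server-side session; the anti-CSRF token is bound to it."""
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))


@dataclass
class Request:
    """A state-changing POST as the application sees it (constructed)."""
    form: dict           # POST body parameters
    session: Session     # session resolved from the browser's cookie


def csrf_check_vulnerable(req: Request) -> bool:
    """The pattern the advisory describes: the token is compared only when the
    parameter is present, so a forged form that simply omits it passes."""
    token = req.form.get("csrf_token")
    if token is None:
        return True          # BUG: absence is treated as "nothing to validate"
    return token == req.session.csrf_token


def csrf_check_hardened(req: Request) -> bool:
    """Fail closed: a missing, empty or mismatched token rejects the request.
    hmac.compare_digest keeps the comparison constant-time."""
    token = req.form.get("csrf_token")
    if not token:
        return False
    return hmac.compare_digest(token, req.session.csrf_token)


def handle_send_mail(req: Request, check) -> str:
    """A state-changing action ("send email" in the advisory) gated by the
    chosen CSRF check. Returns what the server would do."""
    if not check(req):
        return "403 rejected"
    return f"sent mail to {req.form['to']}"


def demo() -> dict:
    """Run the legitimate and forged requests through both checks."""
    victim = Session()

    # Legitimate submission: the page rendered by the app carries the token.
    legit = Request({"to": "colleague@example.com",
                     "csrf_token": victim.csrf_token}, victim)

    # Cross-site forgery: the attacker's page auto-submits a form from the
    # victim's browser. The browser attaches the session cookie, but the
    # attacker cannot read the token, so the parameter is left out entirely.
    forged = Request({"to": "attacker@example.com"}, victim)

    # Forgery with a guessed token: both checks reject it.
    guessed = Request({"to": "attacker@example.com",
                       "csrf_token": "0" * 64}, victim)

    return {
        "vulnerable_legit": handle_send_mail(legit, csrf_check_vulnerable),
        "vulnerable_forged": handle_send_mail(forged, csrf_check_vulnerable),
        "vulnerable_guessed": handle_send_mail(guessed, csrf_check_vulnerable),
        "hardened_legit": handle_send_mail(legit, csrf_check_hardened),
        "hardened_forged": handle_send_mail(forged, csrf_check_hardened),
        "hardened_guessed": handle_send_mail(guessed, csrf_check_hardened),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:20s} -> {outcome}")
```

The practical check when auditing a token-protected form is therefore not only "does a wrong token get rejected" but "does a request with the parameter deleted get rejected"; a check that treats absence as success offers no protection at all.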

Vulnerable configurations

Configuration 1 (any of the following):

cpe:2.3:a:mailenable:mailenable:*:*:*:*:premium:*:*:*
    6.0 <= version < 6.90
cpe:2.3:a:mailenable:mailenable:*:*:*:*:premium:*:*:*
    7.0 <= version < 7.62
cpe:2.3:a:mailenable:mailenable:*:*:*:*:premium:*:*:*
    8.00 <= version < 8.64
cpe:2.3:a:mailenable:mailenable:*:*:*:*:premium:*:*:*
    9.0 <= version < 9.83
cpe:2.3:a:mailenable:mailenable:*:*:*:*:premium:*:*:*
    10.00 <= version < 10.24
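Applying these ranges by hand is error-prone because each one has an inclusive start and an exclusive end. The small matcher below is an added example (not exploitDog's or NVD's code) that transcribes Configuration 1 and tests an installed Premium version against it. It assumes version components compare as integers, as the NVD data lists them, so "6.90" is read as (6, 90) and is not the same as "6.9"; check that assumption against the product's own numbering before relying on the result.

```python
"""Test an installed MailEnable Premium version against the NVD ranges above.

Added example, not exploitDog's or NVD's code. The ranges are transcribed from
Configuration 1 on this page. Assumption: version components compare as
integers, so '6.90' is (6, 90), not 6.9.
"""
from typing import Optional, Tuple

# (start_inclusive, end_exclusive) for cpe:2.3:a:mailenable:mailenable:*:*:*:*:premium
AFFECTED_RANGES = [
    ("6.0", "6.90"),
    ("7.0", "7.62"),
    ("8.00", "8.64"),
    ("9.0", "9.83"),
    ("10.00", "10.24"),
]


def parse_version(v: str) -> Tuple[int, ...]:
    """'10.23' -> (10, 23). Raises ValueError for non-numeric components."""
    return tuple(int(part) for part in v.strip().split("."))


def in_range(version: str, start: str, end: str) -> bool:
    """NVD range semantics: start is inclusive, end is exclusive."""
    v = parse_version(version)
    return parse_version(start) <= v < parse_version(end)


def is_affected(version: str) -> bool:
    """True if the version falls in any affected range of Configuration 1."""
    return any(in_range(version, s, e) for s, e in AFFECTED_RANGES)


def first_fixed_version(version: str) -> Optional[str]:
    """For an affected version, the exclusive end of its range, i.e. the first
    build in that line NVD does not list as affected. None if not affected."""
    for s, e in AFFECTED_RANGES:
        if in_range(version, s, e):
            return e
    return None


if __name__ == "__main__":
    for v in ("10.23", "10.24", "6.89", "6.90", "5.99", "11.0"):
        print(f"{v:6s} affected={is_affected(v)!s:5s} "
              f"first_fixed={first_fixed_version(v)}")
```

Note that the exclusive upper bounds (6.90, 7.62, 8.64, 9.83, 10.24) are the first versions NVD does not list as affected, which is why the matcher reports them as the upgrade target for each line; whether the fix landed exactly at those builds is not stated on this page.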

EPSS

Score: 0.00042 (percentile: 12%), Low

CVSS3: 6.5 (Medium)

CVSS2: 4.3 (Medium)

Weaknesses

CWE-352 (Cross-Site Request Forgery)

Related vulnerabilities

github entry, published more than 3 years ago, CVSS3: 6.5; it carries the same description, EPSS score, CVSS scores and CWE-352 as the nvd entry above.
