Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-12924

Опубликовано: 08 июл. 2019
Источник: nvd
CVSS3: 9.8
CVSS2: 5
EPSS Низкий

Описание

MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was possible for an attacker to use a vulnerability in the configuration of the XML processor to read any file on the host system. Because all credentials were stored in a cleartext file, it was possible to steal all users' credentials (including the highest privileged users).

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mailenable:mailenable:*:*:*:*:premium:*:*:*
Версия от 6.0 (включая) до 6.90 (исключая)
cpe:2.3:a:mailenable:mailenable:*:*:*:*:premium:*:*:*
Версия от 7.0 (включая) до 7.62 (исключая)
cpe:2.3:a:mailenable:mailenable:*:*:*:*:premium:*:*:*
Версия от 8.00 (включая) до 8.64 (исключая)
cpe:2.3:a:mailenable:mailenable:*:*:*:*:premium:*:*:*
Версия от 9.0 (включая) до 9.83 (исключая)
cpe:2.3:a:mailenable:mailenable:*:*:*:*:premium:*:*:*
Версия от 10.00 (включая) до 10.24 (исключая)

EPSS

Процентиль: 34%
0.00136
Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-311

Связанные уязвимости

github логотип

GHSA-659q-9945-g8jr

CVSS3: 9.8
github
больше 3 лет назад

MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was possible for an attacker to use a vulnerability in the configuration of the XML processor to read any file on the host system. Because all credentials were stored in a cleartext file, it was possible to steal all users' credentials (including the highest privileged users).

EPSS

Процентиль: 34%
0.00136
Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-311