Vulnerabilites related to icewarp - mail_server
cve-2019-19266
Vulnerability from cvelistv5
Published
2020-01-06 00:00
Modified
2024-08-05 02:09
Severity ?
EPSS score ?
Summary
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2020/Jan/1 | x_refsource_MISC | |
| https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-016/-icewarp-cross-site-scripting-in-notes | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Jan/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-016/-icewarp-cross-site-scripting-in-notes"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-06T00:00:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Jan/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-016/-icewarp-cross-site-scripting-in-notes"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2020/Jan/1",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2020/Jan/1"
},
{
"name": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-016/-icewarp-cross-site-scripting-in-notes",
"refsource": "CONFIRM",
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-016/-icewarp-cross-site-scripting-in-notes"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19266",
"datePublished": "2020-01-06T00:00:39",
"dateReserved": "2019-11-25T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-39700
Vulnerability from cvelistv5
Published
2023-08-24 00:00
Modified
2024-10-03 13:33
Severity ?
EPSS score ?
Summary
IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:18:09.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_%28XSS%29"
},
{
"tags": [
"x_transferred"
],
"url": "https://drive.google.com/file/d/1QL_517UbTFJox4CXKQpP9fehR1yXRJ-y"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39700",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T13:33:14.655610Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T13:33:22.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-24T23:57:06.210629",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"url": "https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_%28XSS%29"
},
{
"url": "https://drive.google.com/file/d/1QL_517UbTFJox4CXKQpP9fehR1yXRJ-y"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-39700",
"datePublished": "2023-08-24T00:00:00",
"dateReserved": "2023-08-07T00:00:00",
"dateUpdated": "2024-10-03T13:33:22.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1503
Vulnerability from cvelistv5
Published
2018-05-08 20:00
Modified
2024-08-06 04:47
Severity ?
EPSS score ?
Summary
Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-001/?fid=5614 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/147505/IceWarp-Mail-Server-Directory-Traversal.html | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/44587/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:47:16.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-001/?fid=5614"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/147505/IceWarp-Mail-Server-Directory-Traversal.html"
},
{
"name": "44587",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44587/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-08T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-001/?fid=5614"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/147505/IceWarp-Mail-Server-Directory-Traversal.html"
},
{
"name": "44587",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44587/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-001/?fid=5614",
"refsource": "MISC",
"url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-001/?fid=5614"
},
{
"name": "http://packetstormsecurity.com/files/147505/IceWarp-Mail-Server-Directory-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/147505/IceWarp-Mail-Server-Directory-Traversal.html"
},
{
"name": "44587",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44587/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1503",
"datePublished": "2018-05-08T20:00:00",
"dateReserved": "2015-02-06T00:00:00",
"dateUpdated": "2024-08-06T04:47:16.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-16324
Vulnerability from cvelistv5
Published
2018-09-01 18:00
Modified
2024-08-05 10:17
Severity ?
EPSS score ?
Summary
In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cxsecurity.com/issue/WLB-2018080098 | x_refsource_MISC | |
| https://packetstormsecurity.com/files/148887/IceWarp-WebMail-12.0.3.1-Cross-Site-Scripting.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cxsecurity.com/issue/WLB-2018080098"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/148887/IceWarp-WebMail-12.0.3.1-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-01T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cxsecurity.com/issue/WLB-2018080098"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/148887/IceWarp-WebMail-12.0.3.1-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cxsecurity.com/issue/WLB-2018080098",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2018080098"
},
{
"name": "https://packetstormsecurity.com/files/148887/IceWarp-WebMail-12.0.3.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/148887/IceWarp-WebMail-12.0.3.1-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16324",
"datePublished": "2018-09-01T18:00:00",
"dateReserved": "2018-09-01T00:00:00",
"dateUpdated": "2024-08-05T10:17:38.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-36580
Vulnerability from cvelistv5
Published
2023-07-27 00:00
Modified
2024-10-23 13:05
Severity ?
EPSS score ?
Summary
Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:57.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://icewarp.com"
},
{
"tags": [
"x_transferred"
],
"url": "http://mail.ziyan.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://medium.com/%40rohitgautam26/cve-2021-36580-69219798231c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-36580",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T13:05:33.382900Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T13:05:42.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-27T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://icewarp.com"
},
{
"url": "http://mail.ziyan.com"
},
{
"url": "https://medium.com/%40rohitgautam26/cve-2021-36580-69219798231c"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36580",
"datePublished": "2023-07-27T00:00:00",
"dateReserved": "2021-07-12T00:00:00",
"dateUpdated": "2024-10-23T13:05:42.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-14064
Vulnerability from cvelistv5
Published
2020-07-15 19:11
Modified
2024-08-04 12:32
Severity ?
EPSS score ?
Summary
IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.icewarp.com/download-premise/server/ | x_refsource_MISC | |
| https://github.com/networksecure/Icewarp_incorrect_access_control | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:32:14.708Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.icewarp.com/download-premise/server/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/networksecure/Icewarp_incorrect_access_control"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T19:11:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.icewarp.com/download-premise/server/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/networksecure/Icewarp_incorrect_access_control"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-14064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.icewarp.com/download-premise/server/",
"refsource": "MISC",
"url": "https://www.icewarp.com/download-premise/server/"
},
{
"name": "https://github.com/networksecure/Icewarp_incorrect_access_control",
"refsource": "MISC",
"url": "https://github.com/networksecure/Icewarp_incorrect_access_control"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-14064",
"datePublished": "2020-07-15T19:11:02",
"dateReserved": "2020-06-14T00:00:00",
"dateUpdated": "2024-08-04T12:32:14.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-12844
Vulnerability from cvelistv5
Published
2017-08-23 14:00
Modified
2024-08-05 18:51
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name.
References
| ▼ | URL | Tags |
|---|---|---|
| https://youtu.be/MI4dhEia1d4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:07.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://youtu.be/MI4dhEia1d4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-23T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://youtu.be/MI4dhEia1d4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://youtu.be/MI4dhEia1d4",
"refsource": "MISC",
"url": "https://youtu.be/MI4dhEia1d4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12844",
"datePublished": "2017-08-23T14:00:00",
"dateReserved": "2017-08-14T00:00:00",
"dateUpdated": "2024-08-05T18:51:07.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-19265
Vulnerability from cvelistv5
Published
2020-01-06 00:09
Modified
2024-08-05 02:09
Severity ?
EPSS score ?
Summary
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2020/Jan/0 | x_refsource_MISC | |
| https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-015/-icewarp-cross-site-scripting-in-notes-for-contacts | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Jan/0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-015/-icewarp-cross-site-scripting-in-notes-for-contacts"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-06T00:09:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Jan/0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-015/-icewarp-cross-site-scripting-in-notes-for-contacts"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2020/Jan/0",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2020/Jan/0"
},
{
"name": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-015/-icewarp-cross-site-scripting-in-notes-for-contacts",
"refsource": "CONFIRM",
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-015/-icewarp-cross-site-scripting-in-notes-for-contacts"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19265",
"datePublished": "2020-01-06T00:09:20",
"dateReserved": "2019-11-25T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12593
Vulnerability from cvelistv5
Published
2019-06-03 16:41
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:38.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/JameelNabbo/exploits/blob/master/IceWarp%20%3C%3D10.4.4%20local%20file%20include.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153161/IceWarp-10.4.4-Local-File-Inclusion.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-04T22:06:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/JameelNabbo/exploits/blob/master/IceWarp%20%3C%3D10.4.4%20local%20file%20include.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153161/IceWarp-10.4.4-Local-File-Inclusion.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/JameelNabbo/exploits/blob/master/IceWarp%20%3C%3D10.4.4%20local%20file%20include.txt",
"refsource": "MISC",
"url": "https://github.com/JameelNabbo/exploits/blob/master/IceWarp%20%3C%3D10.4.4%20local%20file%20include.txt"
},
{
"name": "http://packetstormsecurity.com/files/153161/IceWarp-10.4.4-Local-File-Inclusion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153161/IceWarp-10.4.4-Local-File-Inclusion.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12593",
"datePublished": "2019-06-03T16:41:07",
"dateReserved": "2019-06-03T00:00:00",
"dateUpdated": "2024-08-04T23:24:38.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-39699
Vulnerability from cvelistv5
Published
2023-08-24 00:00
Modified
2024-10-03 13:35
Severity ?
EPSS score ?
Summary
IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:18:09.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/98.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion"
},
{
"tags": [
"x_transferred"
],
"url": "https://drive.google.com/file/d/1NkqL4ySJApyPy8B-zDC7vE-QMBQAu8OU"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39699",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T13:34:51.761626Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T13:35:00.456Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-24T23:57:05.503884",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://cwe.mitre.org/data/definitions/98.html"
},
{
"url": "https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion"
},
{
"url": "https://drive.google.com/file/d/1NkqL4ySJApyPy8B-zDC7vE-QMBQAu8OU"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-39699",
"datePublished": "2023-08-24T00:00:00",
"dateReserved": "2023-08-07T00:00:00",
"dateUpdated": "2024-10-03T13:35:00.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7475
Vulnerability from cvelistv5
Published
2018-06-30 14:00
Modified
2024-08-05 06:31
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML.
References
| ▼ | URL | Tags |
|---|---|---|
| https://0xd0ff9.wordpress.com/2018/06/21/cve-2018-7475/ | x_refsource_MISC | |
| https://www.youtube.com/watch?v=8_3Q80JrMm4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:03.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0xd0ff9.wordpress.com/2018/06/21/cve-2018-7475/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=8_3Q80JrMm4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0xd0ff9.wordpress.com/2018/06/21/cve-2018-7475/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=8_3Q80JrMm4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://0xd0ff9.wordpress.com/2018/06/21/cve-2018-7475/",
"refsource": "MISC",
"url": "https://0xd0ff9.wordpress.com/2018/06/21/cve-2018-7475/"
},
{
"name": "https://www.youtube.com/watch?v=8_3Q80JrMm4",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=8_3Q80JrMm4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7475",
"datePublished": "2018-06-30T14:00:00",
"dateReserved": "2018-02-25T00:00:00",
"dateUpdated": "2024-08-05T06:31:03.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-14066
Vulnerability from cvelistv5
Published
2020-07-15 19:12
Modified
2024-08-04 12:32
Severity ?
EPSS score ?
Summary
IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.icewarp.com/download-premise/server/ | x_refsource_MISC | |
| https://github.com/networksecure/icewarp_insecure_permissions | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:32:14.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.icewarp.com/download-premise/server/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/networksecure/icewarp_insecure_permissions"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T19:12:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.icewarp.com/download-premise/server/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/networksecure/icewarp_insecure_permissions"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-14066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.icewarp.com/download-premise/server/",
"refsource": "MISC",
"url": "https://www.icewarp.com/download-premise/server/"
},
{
"name": "https://github.com/networksecure/icewarp_insecure_permissions",
"refsource": "MISC",
"url": "https://github.com/networksecure/icewarp_insecure_permissions"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-14066",
"datePublished": "2020-07-15T19:12:45",
"dateReserved": "2020-06-14T00:00:00",
"dateUpdated": "2024-08-04T12:32:14.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-3580
Vulnerability from cvelistv5
Published
2011-09-30 17:00
Modified
2024-08-06 23:37
Severity ?
EPSS score ?
Summary
IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2011-09/0145.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/49753 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/75722 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/70026 | vdb-entry, x_refsource_XF | |
| https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt | x_refsource_MISC | |
| http://securityreason.com/securityalert/8404 | third-party-advisory, x_refsource_SREASON | |
| http://securitytracker.com/id?1026093 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20110923 TWSL2011-013: Multiple Vulnerabilities in IceWarp Mail Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-09/0145.html"
},
{
"name": "49753",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49753"
},
{
"name": "75722",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/75722"
},
{
"name": "icewarpwebmail-phpinfo-info-disc(70026)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70026"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt"
},
{
"name": "8404",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8404"
},
{
"name": "1026093",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1026093"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20110923 TWSL2011-013: Multiple Vulnerabilities in IceWarp Mail Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-09/0145.html"
},
{
"name": "49753",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49753"
},
{
"name": "75722",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/75722"
},
{
"name": "icewarpwebmail-phpinfo-info-disc(70026)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70026"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt"
},
{
"name": "8404",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8404"
},
{
"name": "1026093",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1026093"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110923 TWSL2011-013: Multiple Vulnerabilities in IceWarp Mail Server",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-09/0145.html"
},
{
"name": "49753",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49753"
},
{
"name": "75722",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/75722"
},
{
"name": "icewarpwebmail-phpinfo-info-disc(70026)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70026"
},
{
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt"
},
{
"name": "8404",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8404"
},
{
"name": "1026093",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1026093"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3580",
"datePublished": "2011-09-30T17:00:00",
"dateReserved": "2011-09-21T00:00:00",
"dateUpdated": "2024-08-06T23:37:48.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-14065
Vulnerability from cvelistv5
Published
2020-07-15 19:12
Modified
2024-08-04 12:32
Severity ?
EPSS score ?
Summary
IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.icewarp.com/download-premise/server/ | x_refsource_MISC | |
| https://github.com/networksecure/icewarp_unlimited_file_upload | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:32:14.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.icewarp.com/download-premise/server/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/networksecure/icewarp_unlimited_file_upload"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T19:12:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.icewarp.com/download-premise/server/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/networksecure/icewarp_unlimited_file_upload"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-14065",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.icewarp.com/download-premise/server/",
"refsource": "MISC",
"url": "https://www.icewarp.com/download-premise/server/"
},
{
"name": "https://github.com/networksecure/icewarp_unlimited_file_upload",
"refsource": "MISC",
"url": "https://github.com/networksecure/icewarp_unlimited_file_upload"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-14065",
"datePublished": "2020-07-15T19:12:01",
"dateReserved": "2020-06-14T00:00:00",
"dateUpdated": "2024-08-04T12:32:14.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-3579
Vulnerability from cvelistv5
Published
2011-09-30 17:00
Modified
2024-08-06 23:37
Severity ?
EPSS score ?
Summary
server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2011-09/0145.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/49753 | vdb-entry, x_refsource_BID | |
| https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/70025 | vdb-entry, x_refsource_XF | |
| http://securityreason.com/securityalert/8404 | third-party-advisory, x_refsource_SREASON | |
| http://www.osvdb.org/75721 | vdb-entry, x_refsource_OSVDB | |
| http://securitytracker.com/id?1026093 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20110923 TWSL2011-013: Multiple Vulnerabilities in IceWarp Mail Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-09/0145.html"
},
{
"name": "49753",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49753"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt"
},
{
"name": "icewarpwebmail-xml-info-disclosure(70025)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70025"
},
{
"name": "8404",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8404"
},
{
"name": "75721",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/75721"
},
{
"name": "1026093",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1026093"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20110923 TWSL2011-013: Multiple Vulnerabilities in IceWarp Mail Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-09/0145.html"
},
{
"name": "49753",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49753"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt"
},
{
"name": "icewarpwebmail-xml-info-disclosure(70025)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70025"
},
{
"name": "8404",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8404"
},
{
"name": "75721",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/75721"
},
{
"name": "1026093",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1026093"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3579",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110923 TWSL2011-013: Multiple Vulnerabilities in IceWarp Mail Server",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-09/0145.html"
},
{
"name": "49753",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49753"
},
{
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt"
},
{
"name": "icewarpwebmail-xml-info-disclosure(70025)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70025"
},
{
"name": "8404",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8404"
},
{
"name": "75721",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/75721"
},
{
"name": "1026093",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1026093"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3579",
"datePublished": "2011-09-30T17:00:00",
"dateReserved": "2011-09-21T00:00:00",
"dateUpdated": "2024-08-06T23:37:48.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-27982
Vulnerability from cvelistv5
Published
2020-11-09 19:12
Modified
2024-08-04 16:25
Severity ?
EPSS score ?
Summary
IceWarp 11.4.5.0 allows XSS via the language parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/159763/Icewarp-WebMail-11.4.5.0-Cross-Site-Scripting.html | x_refsource_MISC | |
| https://cxsecurity.com/issue/WLB-2020100161 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:25:44.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/159763/Icewarp-WebMail-11.4.5.0-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cxsecurity.com/issue/WLB-2020100161"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IceWarp 11.4.5.0 allows XSS via the language parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-09T19:12:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/159763/Icewarp-WebMail-11.4.5.0-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cxsecurity.com/issue/WLB-2020100161"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27982",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IceWarp 11.4.5.0 allows XSS via the language parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/159763/Icewarp-WebMail-11.4.5.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/159763/Icewarp-WebMail-11.4.5.0-Cross-Site-Scripting.html"
},
{
"name": "https://cxsecurity.com/issue/WLB-2020100161",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2020100161"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27982",
"datePublished": "2020-11-09T19:12:39",
"dateReserved": "2020-10-28T00:00:00",
"dateUpdated": "2024-08-04T16:25:44.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2011-09-30 17:55
Modified
2024-11-21 01:30
Severity ?
Summary
IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| icewarp | mail_server | * | |
| icewarp | mail_server | 9.3.0 | |
| icewarp | mail_server | 9.3.1 | |
| icewarp | mail_server | 9.3.2 | |
| icewarp | mail_server | 9.4.0 | |
| icewarp | mail_server | 9.4.1 | |
| icewarp | mail_server | 9.4.2 | |
| icewarp | mail_server | 10.0.3 | |
| icewarp | mail_server | 10.0.4 | |
| icewarp | mail_server | 10.0.7 | |
| icewarp | mail_server | 10.0.8 | |
| icewarp | mail_server | 10.1.1 | |
| icewarp | mail_server | 10.1.2 | |
| icewarp | mail_server | 10.1.3 | |
| icewarp | mail_server | 10.1.4 | |
| icewarp | mail_server | 10.2.0 | |
| icewarp | mail_server | 10.2.1 | |
| icewarp | mail_server | 10.2.2 | |
| icewarp | mail_server | 10.3.0 | |
| icewarp | mail_server | 10.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:icewarp:mail_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E11FB6B8-D2E7-4F76-B38C-FF90517A6EFF",
"versionEndIncluding": "10.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:9.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "22B17040-1D48-4BCC-8AB8-CE275630AB92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:9.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FF60A80C-6148-4234-87F7-9E5226C05293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:9.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC90647F-D741-436E-812D-950A0A69AE28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:9.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7603560-8C55-4A46-BE89-BB2D03F5B111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:9.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B56EBDA-600D-4091-BF31-717DAC195EBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:9.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E50E0941-3BDD-496A-A533-181C50C315AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DE9442E4-0468-4FAD-8470-A89BB6DEF8EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3D52315B-50BA-447A-85D2-1119CA464B78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "20816B82-986E-44F1-9188-34A1827231C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "12060349-5779-435C-BDC9-4ECDA6277BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7BF916-C278-435C-8E8E-5F67BDC1DB48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "99FE1579-35EC-4C6C-A63A-E3DBC0F7FD72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A72083C1-0045-4929-B705-0610C5E0CA17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5316DDD8-84F0-4F1B-8A6C-FFFAF78C0686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "75359877-B017-47A5-9ADE-9B9FDEBB3F1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "64D4A427-889F-4928-B535-636A2A7D85AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51F02A0D-378E-4150-B105-B826B6AC1553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3C8D192-0E1A-4379-995A-B294E2FD1EB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2ADA889-C52D-4C80-96EB-834489654614",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function."
},
{
"lang": "es",
"value": "IceWarp WebMail en el servidor de correo IceWarp anterirores a v10.3.3 permite a atacantes remotos obtener informaci\u00f3n de configuraci\u00f3n a trav\u00e9s de una petici\u00f3n directa a la URI /server, lo que provoca una llamada a la funci\u00f3n phpinfo."
}
],
"id": "CVE-2011-3580",
"lastModified": "2024-11-21T01:30:47.433",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-30T17:55:01.243",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-09/0145.html"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8404"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1026093"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/75722"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/49753"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70026"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-09/0145.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8404"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1026093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/75722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/49753"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-30 14:29
Modified
2024-11-21 04:12
Severity ?
Summary
Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://0xd0ff9.wordpress.com/2018/06/21/cve-2018-7475/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.youtube.com/watch?v=8_3Q80JrMm4 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://0xd0ff9.wordpress.com/2018/06/21/cve-2018-7475/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.youtube.com/watch?v=8_3Q80JrMm4 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| icewarp | mail_server | 12.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:icewarp:mail_server:12.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "85DAA491-6DF3-49AC-9491-6D678A6CF6A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-Site Scripting (XSS) en las URI webdav/ticket/ en IceWarp Mail Server 12.0.3 permite que atacantes remotos autenticados inyecten scripts web o HTLM."
}
],
"id": "CVE-2018-7475",
"lastModified": "2024-11-21T04:12:12.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-30T14:29:00.270",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://0xd0ff9.wordpress.com/2018/06/21/cve-2018-7475/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.youtube.com/watch?v=8_3Q80JrMm4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://0xd0ff9.wordpress.com/2018/06/21/cve-2018-7475/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.youtube.com/watch?v=8_3Q80JrMm4"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-02 21:15
Modified
2024-11-21 05:22
Severity ?
Summary
IceWarp 11.4.5.0 allows XSS via the language parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/159763/Icewarp-WebMail-11.4.5.0-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://cxsecurity.com/issue/WLB-2020100161 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/159763/Icewarp-WebMail-11.4.5.0-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cxsecurity.com/issue/WLB-2020100161 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| icewarp | mail_server | 11.4.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:icewarp:mail_server:11.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BFA825A8-0D0F-42B6-8B6E-C1702132CB92",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IceWarp 11.4.5.0 allows XSS via the language parameter."
},
{
"lang": "es",
"value": "IceWarp versi\u00f3n 11.4.5.0, permite un ataque de tipo XSS por medio del par\u00e1metro language"
}
],
"id": "CVE-2020-27982",
"lastModified": "2024-11-21T05:22:08.723",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-02T21:15:29.960",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/159763/Icewarp-WebMail-11.4.5.0-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2020100161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/159763/Icewarp-WebMail-11.4.5.0-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2020100161"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-06 01:15
Modified
2024-11-21 04:34
Severity ?
Summary
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2020/Jan/0 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-015/-icewarp-cross-site-scripting-in-notes-for-contacts | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2020/Jan/0 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-015/-icewarp-cross-site-scripting-in-notes-for-contacts | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| icewarp | mail_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:icewarp:mail_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A2BA5-6EAD-4D59-A803-ACD7897BDDBC",
"versionEndExcluding": "12.2.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts."
},
{
"lang": "es",
"value": "IceWarp WebMail Server versiones 12.2.0 y versiones 12.1.x anteriores a la versi\u00f3n 12.2.1.1 (y probablemente versiones anteriores), permite un ataque de tipo XSS (problema 1 de 2) en notas para contactos."
}
],
"id": "CVE-2019-19265",
"lastModified": "2024-11-21T04:34:27.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-06T01:15:10.700",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Jan/0"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-015/-icewarp-cross-site-scripting-in-notes-for-contacts"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Jan/0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-015/-icewarp-cross-site-scripting-in-notes-for-contacts"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-23 14:29
Modified
2024-11-21 03:10
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://youtu.be/MI4dhEia1d4 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://youtu.be/MI4dhEia1d4 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| icewarp | mail_server | 10.4.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2F4D9EF8-9B01-4AD2-876B-4CC55C779076",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name."
},
{
"lang": "es",
"value": "Una vulnerabilidad Cross-Site Scripting (XSS) en en panel de administrador en IceWarp Mail Server 10.4.4 permite que administradores del dominio remotos autenticados inyecten scripts web o HTLM arbitrarios mediante un nombre de usuario manipulado."
}
],
"id": "CVE-2017-12844",
"lastModified": "2024-11-21T03:10:17.527",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-23T14:29:00.330",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://youtu.be/MI4dhEia1d4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://youtu.be/MI4dhEia1d4"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-15 20:15
Modified
2024-11-21 05:02
Severity ?
Summary
IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/networksecure/icewarp_unlimited_file_upload | Third Party Advisory | |
| cve@mitre.org | https://www.icewarp.com/download-premise/server/ | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/networksecure/icewarp_unlimited_file_upload | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.icewarp.com/download-premise/server/ | Product, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| icewarp | mail_server | 12.3.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:icewarp:mail_server:12.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE65EFB-86D7-4AC2-85B5-8D06EE5F5D2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space."
},
{
"lang": "es",
"value": "IceWarp Email Server versi\u00f3n 12.3.0.1, permite a atacantes remotos cargar archivos y consumir espacio en disco"
}
],
"id": "CVE-2020-14065",
"lastModified": "2024-11-21T05:02:31.803",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-15T20:15:13.240",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/networksecure/icewarp_unlimited_file_upload"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.icewarp.com/download-premise/server/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/networksecure/icewarp_unlimited_file_upload"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.icewarp.com/download-premise/server/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-25 00:15
Modified
2024-11-21 08:15
Severity ?
Summary
IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| icewarp | mail_server | 10.4.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6B36217E-C6E5-4841-9B43-802B0D1474B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter."
},
{
"lang": "es",
"value": "Se ha descubierto que IceWarp Mail Server v10.4.5 contiene una vulnerabilidad de Cross-Site Scripting reflejado (XSS) a trav\u00e9s del par\u00e1metro color. "
}
],
"id": "CVE-2023-39700",
"lastModified": "2024-11-21T08:15:50.800",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-25T00:15:09.693",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://drive.google.com/file/d/1QL_517UbTFJox4CXKQpP9fehR1yXRJ-y"
},
{
"source": "cve@mitre.org",
"url": "https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_%28XSS%29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://drive.google.com/file/d/1QL_517UbTFJox4CXKQpP9fehR1yXRJ-y"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_%28XSS%29"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-25 00:15
Modified
2024-11-21 08:15
Severity ?
Summary
IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| icewarp | mail_server | 10.4.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6B36217E-C6E5-4841-9B43-802B0D1474B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server."
}
],
"id": "CVE-2023-39699",
"lastModified": "2024-11-21T08:15:50.640",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-25T00:15:09.283",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/98.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://drive.google.com/file/d/1NkqL4ySJApyPy8B-zDC7vE-QMBQAu8OU"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/98.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://drive.google.com/file/d/1NkqL4ySJApyPy8B-zDC7vE-QMBQAu8OU"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-15 20:15
Modified
2024-11-21 05:02
Severity ?
Summary
IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/networksecure/icewarp_insecure_permissions | Third Party Advisory | |
| cve@mitre.org | https://www.icewarp.com/download-premise/server/ | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/networksecure/icewarp_insecure_permissions | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.icewarp.com/download-premise/server/ | Product, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| icewarp | mail_server | 12.3.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:icewarp:mail_server:12.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE65EFB-86D7-4AC2-85B5-8D06EE5F5D2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access."
},
{
"lang": "es",
"value": "IceWarp Email Server versi\u00f3n 12.3.0.1, permite a atacantes remotos cargar archivos JavaScript que son peligrosos para que los clientes accedan"
}
],
"id": "CVE-2020-14066",
"lastModified": "2024-11-21T05:02:31.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-15T20:15:13.320",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/networksecure/icewarp_insecure_permissions"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.icewarp.com/download-premise/server/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/networksecure/icewarp_insecure_permissions"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.icewarp.com/download-premise/server/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-08 20:29
Modified
2024-11-21 02:25
Severity ?
Summary
Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/147505/IceWarp-Mail-Server-Directory-Traversal.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.exploit-db.com/exploits/44587/ | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-001/?fid=5614 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/147505/IceWarp-Mail-Server-Directory-Traversal.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/44587/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-001/?fid=5614 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| icewarp | mail_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:icewarp:mail_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DED4B8FC-C515-4917-87D5-DE974AC462C6",
"versionEndExcluding": "11.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de salto de directorio en IceWarp Mail Server en versiones anteriores a la 11.2 permiten que atacantes remotos lean archivos arbitrarios mediante (1) un .. (punto punto) en el par\u00e1metro file en una p\u00e1gina webmail/client/skins/default/css/css.php o .../. (punto punto punto barra punto) en los par\u00e1metros (2) script o (3) style en webmail/old/calendar/minimizer/index.php."
}
],
"id": "CVE-2015-1503",
"lastModified": "2024-11-21T02:25:34.333",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-08T20:29:00.250",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/147505/IceWarp-Mail-Server-Directory-Traversal.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44587/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-001/?fid=5614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/147505/IceWarp-Mail-Server-Directory-Traversal.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44587/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-001/?fid=5614"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-06 00:15
Modified
2024-11-21 04:34
Severity ?
Summary
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2020/Jan/1 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-016/-icewarp-cross-site-scripting-in-notes | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2020/Jan/1 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-016/-icewarp-cross-site-scripting-in-notes | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| icewarp | mail_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:icewarp:mail_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A2BA5-6EAD-4D59-A803-ACD7897BDDBC",
"versionEndExcluding": "12.2.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects."
},
{
"lang": "es",
"value": "IceWarp WebMail Server versi\u00f3n 12.2.0 y versiones 12.1.x anteriores a la versi\u00f3n 12.2.1.1 (y probablemente versiones anteriores), permite un ataque de tipo XSS (problema 2 de 2) en notas para objetos."
}
],
"id": "CVE-2019-19266",
"lastModified": "2024-11-21T04:34:27.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-06T00:15:10.430",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Jan/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-016/-icewarp-cross-site-scripting-in-notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Jan/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-016/-icewarp-cross-site-scripting-in-notes"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-15 20:15
Modified
2024-11-21 05:02
Severity ?
Summary
IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/networksecure/Icewarp_incorrect_access_control | Third Party Advisory | |
| cve@mitre.org | https://www.icewarp.com/download-premise/server/ | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/networksecure/Icewarp_incorrect_access_control | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.icewarp.com/download-premise/server/ | Product, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| icewarp | mail_server | 12.3.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:icewarp:mail_server:12.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE65EFB-86D7-4AC2-85B5-8D06EE5F5D2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts."
},
{
"lang": "es",
"value": "IceWarp Email Server versi\u00f3n 12.3.0.1, presenta un Control de Acceso Incorrecto para las cuentas de usuario"
}
],
"id": "CVE-2020-14064",
"lastModified": "2024-11-21T05:02:31.603",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-15T20:15:13.177",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/networksecure/Icewarp_incorrect_access_control"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.icewarp.com/download-premise/server/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/networksecure/Icewarp_incorrect_access_control"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.icewarp.com/download-premise/server/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-09-30 17:55
Modified
2024-11-21 01:30
Severity ?
Summary
server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| icewarp | mail_server | * | |
| icewarp | mail_server | 9.3.0 | |
| icewarp | mail_server | 9.3.1 | |
| icewarp | mail_server | 9.3.2 | |
| icewarp | mail_server | 9.4.0 | |
| icewarp | mail_server | 9.4.1 | |
| icewarp | mail_server | 9.4.2 | |
| icewarp | mail_server | 10.0.3 | |
| icewarp | mail_server | 10.0.4 | |
| icewarp | mail_server | 10.0.7 | |
| icewarp | mail_server | 10.0.8 | |
| icewarp | mail_server | 10.1.1 | |
| icewarp | mail_server | 10.1.2 | |
| icewarp | mail_server | 10.1.3 | |
| icewarp | mail_server | 10.1.4 | |
| icewarp | mail_server | 10.2.0 | |
| icewarp | mail_server | 10.2.1 | |
| icewarp | mail_server | 10.2.2 | |
| icewarp | mail_server | 10.3.0 | |
| icewarp | mail_server | 10.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:icewarp:mail_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E11FB6B8-D2E7-4F76-B38C-FF90517A6EFF",
"versionEndIncluding": "10.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:9.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "22B17040-1D48-4BCC-8AB8-CE275630AB92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:9.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FF60A80C-6148-4234-87F7-9E5226C05293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:9.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC90647F-D741-436E-812D-950A0A69AE28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:9.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7603560-8C55-4A46-BE89-BB2D03F5B111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:9.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B56EBDA-600D-4091-BF31-717DAC195EBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:9.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E50E0941-3BDD-496A-A533-181C50C315AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DE9442E4-0468-4FAD-8470-A89BB6DEF8EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3D52315B-50BA-447A-85D2-1119CA464B78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "20816B82-986E-44F1-9188-34A1827231C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "12060349-5779-435C-BDC9-4ECDA6277BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7BF916-C278-435C-8E8E-5F67BDC1DB48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "99FE1579-35EC-4C6C-A63A-E3DBC0F7FD72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A72083C1-0045-4929-B705-0610C5E0CA17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5316DDD8-84F0-4F1B-8A6C-FFFAF78C0686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "75359877-B017-47A5-9ADE-9B9FDEBB3F1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "64D4A427-889F-4928-B535-636A2A7D85AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51F02A0D-378E-4150-B105-B826B6AC1553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3C8D192-0E1A-4379-995A-B294E2FD1EB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2ADA889-C52D-4C80-96EB-834489654614",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference."
},
{
"lang": "es",
"value": "server/webmail.php en IceWarp WebMail en el servidor de correo IceWarp anteriores a v10.3.3 permite a atacantes remotos leer ficheros arbitrarios, y posiblemente enviar peticiones HTTP a los servidores de la intranet o causar una denegaci\u00f3n de servicio (Agotamiento de CPU y de memoria), a trav\u00e9s de una entidad externa XML declaraci\u00f3n en relaci\u00f3n con una referencia de entidad."
}
],
"id": "CVE-2011-3579",
"lastModified": "2024-11-21T01:30:47.280",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-30T17:55:01.180",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-09/0145.html"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8404"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1026093"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/75721"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/49753"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70025"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-09/0145.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8404"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1026093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/75721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/49753"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-03 17:29
Modified
2024-11-21 04:23
Severity ?
Summary
IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| icewarp | mail_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:icewarp:mail_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87A445B3-5439-4B24-A83F-02E23359E19E",
"versionEndIncluding": "10.4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal."
},
{
"lang": "es",
"value": "En IceWarp Mail Server hasta la versi\u00f3n 10.4.4 un salto de directorio permite una vulnerabilidad de inclusi\u00f3n de archivos locales mediante webmail / calendar / minimizer / index.php? Style = ..% 5c"
}
],
"id": "CVE-2019-12593",
"lastModified": "2024-11-21T04:23:09.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-03T17:29:01.430",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/153161/IceWarp-10.4.4-Local-File-Inclusion.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/JameelNabbo/exploits/blob/master/IceWarp%20%3C%3D10.4.4%20local%20file%20include.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/153161/IceWarp-10.4.4-Local-File-Inclusion.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/JameelNabbo/exploits/blob/master/IceWarp%20%3C%3D10.4.4%20local%20file%20include.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-01 18:29
Modified
2024-11-21 03:52
Severity ?
Summary
In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cxsecurity.com/issue/WLB-2018080098 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://packetstormsecurity.com/files/148887/IceWarp-WebMail-12.0.3.1-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cxsecurity.com/issue/WLB-2018080098 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/148887/IceWarp-WebMail-12.0.3.1-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| icewarp | mail_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:icewarp:mail_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D430EA2-FE28-40DB-ADE8-34347FAE19F7",
"versionEndIncluding": "12.0.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field."
},
{
"lang": "es",
"value": "En IceWarp Server en versiones 12.0.3.1 y anteriores, hay Cross-Site Scripting (XSS) en el campo username en /webmail/."
}
],
"id": "CVE-2018-16324",
"lastModified": "2024-11-21T03:52:31.257",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-01T18:29:01.180",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2018080098"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/148887/IceWarp-WebMail-12.0.3.1-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2018080098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/148887/IceWarp-WebMail-12.0.3.1-Cross-Site-Scripting.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-27 18:15
Modified
2024-11-21 06:13
Severity ?
Summary
Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| icewarp | icewarp_server | * | |
| icewarp | mail_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:icewarp:icewarp_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E58B7FE-833A-48D9-B9A3-0DB2FD5F039A",
"versionEndExcluding": "13.0.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:mail_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A0DEA97-0B80-4322-97DD-5E5430DC5617",
"versionEndExcluding": "13.0.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter."
}
],
"id": "CVE-2021-36580",
"lastModified": "2024-11-21T06:13:50.873",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-27T18:15:09.893",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://icewarp.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://mail.ziyan.com"
},
{
"source": "cve@mitre.org",
"url": "https://medium.com/%40rohitgautam26/cve-2021-36580-69219798231c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "http://icewarp.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://mail.ziyan.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://medium.com/%40rohitgautam26/cve-2021-36580-69219798231c"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}