CyberSec.Space Logo
Back to CVE Browser

CVE-2019-12924

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1060%
EPSS Percentile15.32th
PublishedJul 8, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was possible for an attacker to use a vulnerability in the configuration of the XML processor to read any file on the host system. Because all credentials were stored in a cleartext file, it was possible to steal all users' credentials (including the highest privileged users).

Affected Platforms (CPE)

πŸ“¦
Mailenable

Mailenable

>= 6.0 and < 6.90
πŸ“¦
Mailenable

Mailenable

>= 7.0 and < 7.62
πŸ“¦
Mailenable

Mailenable

>= 8.00 and < 8.64
πŸ“¦
Mailenable

Mailenable

>= 9.0 and < 9.83
πŸ“¦
Mailenable

Mailenable

>= 10.00 and < 10.24

References & Advisories

πŸ”— http://www.mailenable.com/Premium-ReleaseNotes.txt
πŸ”— https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-mailenable/
πŸ”— http://www.mailenable.com/Premium-ReleaseNotes.txt
πŸ”— https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-mailenable/

Related Vulnerabilities

CVE-2005-222210.0

Unknown vulnerability in the HTTPMail service in MailEnable Professional before 1.6 has unknown impact and attack vectors.

CVE-2006-179210.0

Unspecified vulnerability in the POP service in MailEnable Standard Edition before 1.94, Professional Edition before 1.74, and Ent...

CVE-2005-101510.0

Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command.

CVE-2006-642310.0

Stack-based buffer overflow in the IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.35, Professional ...