CyberSec.Space Logo
Back to CVE Browser

CVE-2020-26942

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.0440%
EPSS Percentile44.29th
PublishedMar 21, 2024
Last ModifiedMar 5, 2025

Vulnerability Description

An issue discovered in Axigen Mail Server 10.3.x before 10.3.1.27 and 10.3.2.x before 10.3.3.1 allows unauthenticated attackers to submit a setAdminPassword operation request, subsequently setting a new arbitrary password for the admin account.

Affected Platforms (CPE)

📦
Axigen

Axigen Mail Server

>= 10.3.0 and < 10.3.1.27
📦
Axigen

Axigen Mail Server

>= 10.3.2.0 and < 10.3.3.1

References & Advisories

🔗 https://www.axigen.com/knowledgebase/Axigen-WebAdmin-Authentication-Bypass-Vulnerability-CVE-2020-26942-_387.html
🔗 https://www.axigen.com/knowledgebase/Axigen-WebAdmin-Authentication-Bypass-Vulnerability-CVE-2020-26942-_387.html

Related Vulnerabilities

CVE-2008-04349.3

Format string vulnerability in the AXIMilter module in AXIGEN Mail Server 5.0.2 allows remote attackers to execute arbitrary code ...

CVE-2012-49406.4

Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to ...

CVE-2015-53795.4

Cross-site scripting (XSS) vulnerability in actions.hsp in the Ajax WebMail interface in AXIGEN Mail Server before 9.0 allows remo...

CVE-2010-34605.0

Directory traversal vulnerability in the HTTP interface in AXIGEN Mail Server 7.4.1 for Windows allows remote attackers to read ar...