CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-12924

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1060%
EPSS Percentile15.32th
Published2019年7月8日
Last Modified2024年11月21日

Vulnerability Description

MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was possible for an attacker to use a vulnerability in the configuration of the XML processor to read any file on the host system. Because all credentials were stored in a cleartext file, it was possible to steal all users' credentials (including the highest privileged users).

Affected Platforms (CPE)

📦
Mailenable

Mailenable

>= 6.0 and < 6.90
📦
Mailenable

Mailenable

>= 7.0 and < 7.62
📦
Mailenable

Mailenable

>= 8.00 and < 8.64
📦
Mailenable

Mailenable

>= 9.0 and < 9.83
📦
Mailenable

Mailenable

>= 10.00 and < 10.24

References & Advisories

🔗 http://www.mailenable.com/Premium-ReleaseNotes.txt
🔗 https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-mailenable/
🔗 http://www.mailenable.com/Premium-ReleaseNotes.txt
🔗 https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-mailenable/

関連する脆弱性情報

CVE-2005-222210.0

Unknown vulnerability in the HTTPMail service in MailEnable Professional before 1.6 has unknown impact and attack vectors.

CVE-2006-179210.0

Unspecified vulnerability in the POP service in MailEnable Standard Edition before 1.94, Professional Edition before 1.74, and Ent...

CVE-2005-101510.0

Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command.

CVE-2006-642310.0

Stack-based buffer overflow in the IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.35, Professional ...