Vulnerability Details CVE-2006-6964
MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.1%
CVSS Severity
CVSS v2 Score 4.0
References
- http://securitytracker.com/id?1016337
- http://www.mailenable.com/Professional1-ReleaseNotes.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27185
- http://securitytracker.com/id?1016337
- http://www.mailenable.com/Professional1-ReleaseNotes.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27185
Products affected by CVE-2006-6964
-
cpe:2.3:a:mailenable:mailenable_professional:1.7
-
cpe:2.3:a:mailenable:mailenable_professional:1.71
-
cpe:2.3:a:mailenable:mailenable_professional:1.72
-
cpe:2.3:a:mailenable:mailenable_professional:1.73
-
cpe:2.3:a:mailenable:mailenable_professional:1.74
-
cpe:2.3:a:mailenable:mailenable_professional:1.75
-
cpe:2.3:a:mailenable:mailenable_professional:1.76
-
cpe:2.3:a:mailenable:mailenable_professional:1.77