Vulnerability Details CVE-2010-5334
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 76.4%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.8
References