Vulnerability Details CVE-2010-5335
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.8
References