Vulnerability Details CVE-2019-12925
MailEnable Enterprise Premium 10.23 was vulnerable to multiple directory traversal issues, with which authenticated users could add, remove, or potentially read files in arbitrary folders accessible by the IIS user. This could lead to reading other users' credentials including those of SYSADMIN accounts, reading other users' emails, or adding emails or files to other users' accounts.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.5%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 6.5
References
- http://www.mailenable.com/Premium-ReleaseNotes.txt
- https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-mailenable/
- http://www.mailenable.com/Premium-ReleaseNotes.txt
- https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-mailenable/
Products affected by CVE-2019-12925
-
cpe:2.3:a:mailenable:mailenable:*