CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-26294

An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files (such as a data/settings/settings.xml file containing admin panel credentials), as demonstrated by dav/server.php/files/personal/%2e%2e when using the caldav_public_user account (with caldav_public_user as its password).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.872

EPSS Ranking 99.4%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://github.com/E3SEC/AfterLogic/blob/main/CVE-2021-26294-exposure-of-sensitive-information-vulnerability.md
https://github.com/E3SEC/AfterLogic/blob/main/CVE-2021-26294-exposure-of-sensitive-information-vulnerability.md

Products affected by CVE-2021-26294

Afterlogic » Aurora » Version: 7.7.5

cpe:2.3:a:afterlogic:aurora:7.7.5
Afterlogic » Aurora » Version: 7.7.9

cpe:2.3:a:afterlogic:aurora:7.7.9
Afterlogic » Webmail Pro » Version: N/A

cpe:2.3:a:afterlogic:webmail_pro:-
Afterlogic » Webmail Pro » Version: 7.7.9

cpe:2.3:a:afterlogic:webmail_pro:7.7.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-26294

Products

Pricing

Contact Us