Isode: Security Vulnerabilities
M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17.0v24 allows non-administrative users to access and manipulate archive data via certain HTTP endpoints, aka LINK-2867.
CVSS Score
8.1
EPSS Score
0.001
Published
2023-01-01
Isode M-Vault 16.0v0 through 17.x before 17.0v24 can crash upon an LDAP v1 bind request.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-12-21
Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in the Registry Editor. This allows attackers to access sensitive information such as user credentials and certificates.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-07-14
Isode M-Link before 16.0v7 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.
CVSS Score
7.8
EPSS Score
0.007
Published
2014-04-11
M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted.
CVSS Score
5.8
EPSS Score
0.003
Published
2012-08-25
Double free vulnerability in isode.eddy in Isode M-Vault Server 11.3 allows remote attackers to execute arbitrary code via a crafted LDAP request, as demonstrated by ProtoVer Sample LDAP.
CVSS Score
7.5
EPSS Score
0.062
Published
2006-02-15