Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-12926

MailEnable Enterprise Premium 10.23 did not use appropriate access control checks in a number of areas. As a result, it was possible to perform a number of actions, when logged in as a user, that that user should not have had permission to perform. It was also possible to gain access to areas within the application for which the accounts used were supposed to have insufficient access.

Published

2019-07-08T22:15:11.737

Last Modified

2024-11-21T04:23:50.250

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mailenable	mailenable	< 6.90	Yes
Application	mailenable	mailenable	< 7.62	Yes
Application	mailenable	mailenable	< 8.64	Yes
Application	mailenable	mailenable	< 9.83	Yes
Application	mailenable	mailenable	< 10.24	Yes

References

http://www.mailenable.com/Premium-ReleaseNotes.txt Release Notes, Vendor Advisory ([email protected])
https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-mailenable/ Release Notes, Third Party Advisory ([email protected])
http://www.mailenable.com/Premium-ReleaseNotes.txt Release Notes, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-mailenable/ Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)