PT-2002-1328 · Icewarp · Icewarp Web Mail

Publicado

2002-05-03

Atualizado

2016-10-18

CVE-2002-0258

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions IceWarp Web Mail (affected versions not specified)

Description The issue concerns the use of a static identifier as a user session ID in IceWarp Web Mail, which remains unchanged across sessions. This could potentially allow remote attackers who obtain the ID to gain privileges as the affected user. For example, an attacker might extract the ID from the user's answer or forward URLs.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2002-0258

Produtos afetados

Icewarp Web Mail

PT-2002-1328 · Icewarp · Icewarp Web Mail

CVE-2002-0258

Identificadores relacionados

Produtos afetados

Referências · 2