PT-2019-13026 · Mailenable · Mailenable Enterprise Premium
Publicado
2019-07-08
·
Atualizado
2020-08-24
·
CVE-2019-12926
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MailEnable Enterprise Premium version 10.23
Description
The issue concerns inadequate access control checks in multiple areas, allowing users to perform unauthorized actions and access restricted parts of the application despite having insufficient permissions.
Recommendations
For MailEnable Enterprise Premium version 10.23, consider restricting access to sensitive areas of the application and implementing additional access control checks to prevent unauthorized actions until a fix is available. As a temporary workaround, review and adjust user permissions to minimize the risk of exploitation.
Correção
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Mailenable Enterprise Premium