Axigen · Axigen Mail Server · CVE-2020-26942
**Name of the Vulnerable Software and Affected Versions**
Axigen Mail Server versions 10.3.x through 10.3.1.26
Axigen Mail Server versions 10.3.2.x through 10.3.2.x
**Description**
An issue in Axigen Mail Server allows unauthenticated attackers to submit a `setAdminPassword` operation request, setting a new arbitrary password for the `admin` account.
**Recommendations**
For Axigen Mail Server versions 10.3.x through 10.3.1.26, update to version 10.3.1.27 or later.
For Axigen Mail Server versions 10.3.2.x through 10.3.2.x, update to version 10.3.3.1 or later.