PT-2002-3056 · Ensim · Ensim Webppliance

Published

2002-12-31

Updated

2008-09-05

CVE-2002-2344

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Ensim WEBppliance versions 3.0 through 3.1

Description The issue allows remote attackers to read mail intended for other users by defining an alias that is the target's email address.

Recommendations For Ensim WEBppliance versions 3.0 through 3.1, consider restricting access to the email alias definition feature to prevent unauthorized users from defining aliases that could be used to read other users' mail. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2002-2344

Affected Products

Ensim Webppliance

PT-2002-3056 · Ensim · Ensim Webppliance

CVE-2002-2344

Weakness Enumeration

Related Identifiers

Affected Products

References · 4