CVE-2019-12593

Name of the Vulnerable Software and Affected Versions IceWarp Mail Server versions prior to 10.4.5

Description The issue is related to a local file inclusion vulnerability. This can be exploited via the /webmail/calendar/minimizer/index.php API endpoint, specifically by manipulating the style parameter using directory traversal techniques, such as ..%5c.

Recommendations For versions prior to 10.4.5, update to version 10.4.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the /webmail/calendar/minimizer/index.php endpoint until a patch is applied.