PT-2024-10803 · Axigen · Axigen Mail Server
Alexander Barakazian +2 · Published 2024-03-06 · Updated 2024-08-05 · CVE-2020-26942
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Axigen Mail Server versions 10.3.x through 10.3.1.26
Axigen Mail Server versions 10.3.2.x through 10.3.2.x
Description
An issue in Axigen Mail Server allows unauthenticated attackers to submit a setAdminPassword operation request, setting a new arbitrary password for the admin account.
Recommendations
For Axigen Mail Server versions 10.3.x through 10.3.1.26, update to version 10.3.1.27 or later.
For Axigen Mail Server versions 10.3.2.x through 10.3.2.x, update to version 10.3.3.1 or later.
Fix
Improper Access Control
Missing Authentication
Related Identifiers
Affected Products
Axigen Mail Server