Mailenable
cpe:2.3:a:mailenable:mailenable:*:*:*:*:premium:*:*:*
part: a version: * update: *
| Vendor | Mailenable (ac781917-bc09-5845-a37c-c45d67bfa524) |
|---|---|
| Product | Mailenable (9e2ec56e-3deb-5201-b101-fcc46de7b710) |
| Edition | * |
| Language | * |
| Software edition | premium |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2019-12926 | vulnerable | 2026-06-08 05:12:40.646705 | Details available. MailEnable Enterprise Premium 10.23 did not use appropriate access control checks in a number of areas. As a result, it was possible to perform a number of actions, when logged in as a user, that that user should not have had permission to perform. It was also possible to gain access to areas within the application for which the accounts used were supposed to have insufficient access. Published: 2019-07-08T21:03:06.000Z. Updated: 2024-08-04T23:32:55.635Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-12925 | vulnerable | 2026-06-08 05:12:40.646370 | Details available. MailEnable Enterprise Premium 10.23 was vulnerable to multiple directory traversal issues, with which authenticated users could add, remove, or potentially read files in arbitrary folders accessible by the IIS user. This could lead to reading other users' credentials including those of SYSADMIN accounts, reading other users' emails, or adding emails or files to other users' accounts. Published: 2019-07-08T21:01:24.000Z. Updated: 2024-08-04T23:32:55.600Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-12924 | vulnerable | 2026-06-08 05:12:40.645995 | Details available. MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was possible for an attacker to use a vulnerability in the configuration of the XML processor to read any file on the host system. Because all credentials were stored in a cleartext file, it was possible to steal all users' credentials (including the highest privileged users). Published: 2019-07-08T21:00:00.000Z. Updated: 2024-08-04T23:32:55.586Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-12923 | vulnerable | 2026-06-08 05:12:40.645436 | Details available. In MailEnable Enterprise Premium 10.23, the potential cross-site request forgery (CSRF) protection mechanism was not implemented correctly and it was possible to bypass it by removing the anti-CSRF token parameter from the request. This could allow an attacker to manipulate a user into unwittingly performing actions within the application (such as sending email, adding contacts, or changing settings) on behalf of the attacker. Published: 2019-07-08T20:58:30.000Z. Updated: 2024-08-04T23:32:55.606Z | Imported from gcve-enriched-dumps CVE data |