
cpe:2.3:a:mailenable:mailenable:*:*:*:*:premium:*:*:*

part: a version: * update: *

Vendor: Mailenable (ac781917-bc09-5845-a37c-c45d67bfa524)
Product: Mailenable (9e2ec56e-3deb-5201-b101-fcc46de7b710)
Edition: *
Language: *
Software edition: premium
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2019-12926 vulnerable 2026-06-08 05:12:40.646705 Details available
MailEnable Enterprise Premium 10.23 did not use appropriate access control checks in a number of areas. As a result, it was possible to perform a number of actions, when logged in as a user, that that user should not have had permission to perform. It was also possible to gain access to areas within the application for which the accounts used were supposed to have insufficient access.
Published: 2019-07-08T21:03:06.000Z
Updated: 2024-08-04T23:32:55.635Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-12925 vulnerable 2026-06-08 05:12:40.646370 Details available
MailEnable Enterprise Premium 10.23 was vulnerable to multiple directory traversal issues, with which authenticated users could add, remove, or potentially read files in arbitrary folders accessible by the IIS user. This could lead to reading other users' credentials including those of SYSADMIN accounts, reading other users' emails, or adding emails or files to other users' accounts.
Published: 2019-07-08T21:01:24.000Z
Updated: 2024-08-04T23:32:55.600Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-12924 vulnerable 2026-06-08 05:12:40.645995 Details available
MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was possible for an attacker to use a vulnerability in the configuration of the XML processor to read any file on the host system. Because all credentials were stored in a cleartext file, it was possible to steal all users' credentials (including the highest privileged users).
Published: 2019-07-08T21:00:00.000Z
Updated: 2024-08-04T23:32:55.586Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-12923 vulnerable 2026-06-08 05:12:40.645436 Details available
In MailEnable Enterprise Premium 10.23, the potential cross-site request forgery (CSRF) protection mechanism was not implemented correctly and it was possible to bypass it by removing the anti-CSRF token parameter from the request. This could allow an attacker to manipulate a user into unwittingly performing actions within the application (such as sending email, adding contacts, or changing settings) on behalf of the attacker.
Published: 2019-07-08T20:58:30.000Z
Updated: 2024-08-04T23:32:55.606Z
Imported from gcve-enriched-dumps CVE data
