← Back

CVE-2019-12923

nvd nist
Published: Jul 8, 2019Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

In MailEnable Enterprise Premium 10.23, the potential cross-site request forgery (CSRF) protection mechanism was not implemented correctly and it was possible to bypass it by removing the anti-CSRF token parameter from the request. This could allow an attacker to manipulate a user into unwittingly performing actions within the application (such as sending email, adding contacts, or changing settings) on behalf of the attacker.

Affected (5)

Mailenable
1 product
Mailenable
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Mailenable
Mailenable
From 10.00 to 10.24
Mailenable
From 6.0 to 6.90
Mailenable
From 7.0 to 7.62
Mailenable
From 8.00 to 8.64
Mailenable
From 9.0 to 9.83

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

Source: cve@mitre.org
Release NotesVendor Advisory
Source: cve@mitre.org
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory

Timeline

No history available yet.