CVE-2024-46462

Published: Nov 15, 2024Modified: Nov 25, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H

Exploitability: 1.4 / Impact: 5.8

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

By default, dedicated folders of ZEDMAIL for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ZEDMAIL has to be modified to prevent this vulnerability.

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (1)

https://www.primx.eu/en/bulletins/security-bulletin-24931936/

Source: cve@mitre.org

Timeline

No history available yet.