Securenvoy

securenvoy

10 CVEs • 3 products

Products (3)

Click to collapse

Toggle

Multi Factor Authentication Solutions

multi-factor_authentication_solutions

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-37393 1Securenvoy 1Multi Factor Authentication Solutions Nov 21, 2024 Jun 10, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through bl...Show more Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature.Show less
CVE-2020-13376 1Securenvoy 1Securmail Nov 21, 2024 Aug 7, 2020 N/A· v4 9.0 CRITICAL· v3 9.3 HIGH· v2 SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable files and achieve OS command execution via a crafted SecurEnvoyReply cookie.
CVE-2018-18466 1Securenvoy 1Securaccess May 30, 2025 Mar 21, 2019 N/A· v4 7.0 HIGH· v3 1.9 LOW· v2 An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs (present in the DEBUG folder) that...Show more An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs (present in the DEBUG folder) that can be accessed by anyone. NOTE: The vendor disputes this as a vulnerability since the disclosure of a local account password (actually an alpha numeric passcode) is achievable only when a custom registry key is added to the windows registry. This action requires administrator access and the registry key is only provided by support staff at securenvoy to troubleshoot customer issues.Show less
CVE-2018-7707 1Securenvoy 1Securmail Nov 21, 2024 Mar 15, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via an HTML-formatted e-mail message.
CVE-2018-7706 1Securenvoy 1Securmail Nov 21, 2024 Mar 15, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via a .. (dot dot) in the option2 parameter in an attachment action to secmail/...Show more Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via a .. (dot dot) in the option2 parameter in an attachment action to secmail/getmessage.exe.Show less
CVE-2018-7705 1Securenvoy 1Securmail Nov 21, 2024 Mar 15, 2018 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. (dot dot) in the filename parameter to secupload2/upload...Show more Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. (dot dot) in the filename parameter to secupload2/upload.aspx.Show less
CVE-2018-7704 1Securenvoy 1Securmail Nov 21, 2024 Mar 15, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via the option1 parameter in a reply action to secmail/getmessage.exe.
CVE-2018-7703 1Securenvoy 1Securmail Nov 21, 2024 Mar 15, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via the mailboxid parameter to secmail/getmessage.exe.
CVE-2018-7702 1Securenvoy 1Securmail Nov 21, 2024 Mar 15, 2018 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by levera...Show more SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization.Show less
CVE-2018-7701 1Securenvoy 1Securmail Nov 21, 2024 Mar 15, 2018 N/A· v4 6.5 MEDIUM· v3 5.8 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) delete e-mail messages via a...Show more Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) delete e-mail messages via a delete action in a request to secmail/getmessage.exe or (2) spoof arbitrary users and reply to their messages via a request to secserver/securectrl.exe.Show less