Arbitrary File Disclosure in IMP Email Client by Interwoven Solutions
CVE-2000-0911
Currently unrated
What is CVE-2000-0911?
The IMP email client versions 2.2 and earlier are susceptible to an arbitrary file disclosure vulnerability. By manipulating the 'attachment_name' hidden form variable, unauthorized attackers can read and delete files stored on the server. This exploitation allows attackers to retrieve sensitive information or disrupt normal functionality by deleting files that are critical to operations. It is crucial for users of IMP to apply security patches and follow best practices to mitigate this risk.
