Privilege Escalation Vulnerability in MailEnable by MailEnable
CVE-2015-9278

9.8CRITICAL

Key Information:

Vendor

Mailenable

Status
Mailenable
Vendor
CVE Published:
16 January 2019

What is CVE-2015-9278?

MailEnable versions prior to 8.60 exhibit a vulnerability that allows for privilege escalation. This compromise arises from a mishandling in the AUTH.TAB file during the password-change request process, leading to potential creation of unauthorized admin accounts. This flaw underscores the importance of secure authentication practices and prompt updates to software.

References

https://www.nccgroup.trust/globalassets/our-research/uk/t...
x_refsource_MISC
https://www.nccgroup.trust/uk/our-research/multiple-vulne...
x_refsource_MISC
https://web.archive.org/web/20150329173628/http://www.mai...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.