XXE Vulnerability in MailEnable Software by MailEnable
CVE-2015-9280
10 CRITICAL
What is CVE-2015-9280?
MailEnable does not safely handle XML input. The application is susceptible to XML External Entity (XXE) attacks through crafted XML documents sent via the request.aspx Options parameter. This weakness can expose sensitive data or potentially allow attackers to execute arbitrary commands by abusing the server's XML processing. Users are advised to upgrade to MailEnable version 8.60 or later to mitigate this risk.
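A defensive check for the input path described above, as an added example that is not MailEnable's code or part of the original advisory: it scans request lines for request.aspx hits whose Options parameter carries a DTD declaration. The simplified "METHOD URI" log form, the /placeholder/ path and the sample Options values are constructed, and it assumes Options is visible in the logged query string.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# DTD declarations have no place in a request parameter, so the check keys on
# the declaration markers themselves rather than on any particular payload.
DTD_MARKERS = re.compile(r"<!\s*(DOCTYPE|ENTITY)\b", re.IGNORECASE)

def decode_layers(value, max_rounds=3):
    """Undo repeated URL-encoding so double-encoded markers are still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_dtd_in_options(log_lines):
    """Return (line_number, marker) for request.aspx requests whose Options
    parameter contains a DOCTYPE or ENTITY declaration."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        fields = line.split()
        if len(fields) < 2:
            continue  # not a "METHOD URI" line
        url = urlsplit(fields[1])
        if not url.path.lower().endswith("/request.aspx"):
            continue
        # parse_qsl removes one layer of encoding; decode_layers removes the rest.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key.lower() != "options":
                continue
            match = DTD_MARKERS.search(decode_layers(value))
            if match:
                hits.append((number, match.group(1).upper()))
    return hits

# Constructed sample lines; not real MailEnable traffic or its real Options format.
SAMPLE = [
    "GET /placeholder/request.aspx?Options=%3Copts%3E%3Cview%3Einbox%3C%2Fview%3E%3C%2Fopts%3E",
    "POST /placeholder/request.aspx?Options=%3C%21DOCTYPE%20o%20%5B%3C%21ENTITY%20e%20%22constructed%22%3E%5D%3E%3Co%2F%3E",
    "GET /placeholder/REQUEST.ASPX?options=%253C%2521doctype%2520o%253E",  # double-encoded
    "GET /placeholder/other.aspx?Options=%3C%21DOCTYPE%20o%3E",  # different page, ignored
]

if __name__ == "__main__":
    for number, marker in find_dtd_in_options(SAMPLE):
        print(f"line {number}: {marker} declaration in Options")
```

Access logs generally do not record POST bodies, so where Options is sent in the body the same marker check belongs at a proxy or WAF that sees it.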
