Authentication Bypass in Apache Pony Mail
CVE-2016-4460

9.8CRITICAL

Key Information:

Vendor: Apache
Status: Pony Mail
Vendor: CVE Published:; 22 August 2017

What is CVE-2016-4460?

The vulnerability in Apache Pony Mail versions 0.6c through 0.8b allows remote attackers to bypass authentication mechanisms, potentially compromising the security of user accounts. This flaw highlights the necessity for timely updates and patch management to safeguard against unauthorized access and data breaches.

References

http://www.securityfocus.com/bid/100449

vdb-entryx_refsource_BID

http://markmail.org/message/jy7o23cppny26icu

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2017
Vulnerability Reserved
May 2, 2016

CVE-2016-4460 Data

JSON