Incorrect Access Control in IceWarp Email Server 12.3.0.1
CVE-2020-14064

6.5MEDIUM

Key Information:

Vendor

Icewarp

Status
Mail Server
Vendor
CVE Published:
15 July 2020

Badges

👾 Exploit Exists

What is CVE-2020-14064?

IceWarp Email Server version 12.3.0.1 is affected by an access control vulnerability that allows unauthorized manipulation of user accounts. This flaw enables attackers to exploit the server’s user account management features, compromising the security and integrity of user data. Organizations utilizing this version should apply the appropriate patches or updates to mitigate potential risks.

References

https://www.icewarp.com/download-premise/server/
x_refsource_MISC
https://github.com/networksecure/Icewarp_incorrect_access...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.