MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was possible for an malicious user to use a vulnerability in the configuration of the XML processor to read any file on the host system. Because all credentials were stored in a cleartext file, it was possible to steal all users' credentials (including the highest privileged users).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mailenable mailenable |