Unrated severity · NVD Advisory · Published Jul 8, 2019 · Updated Aug 4, 2024
CVE-2019-12923
Description
In MailEnable Enterprise Premium 10.23, the potential cross-site request forgery (CSRF) protection mechanism was not implemented correctly and it was possible to bypass it by removing the anti-CSRF token parameter from the request. This could allow an attacker to manipulate a user into unwittingly performing actions within the application (such as sending email, adding contacts, or changing settings) on behalf of the attacker.
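The failure mode described above, as an added example that is not MailEnable's code: a token check that only runs when the parameter is present, beside a fail-closed check, exercised by the regression cases a reviewer would want in a test suite. All function names, the `csrf_token` field name and the session layout are hypothetical, and the flawed branch is an assumption about how such a bypass can arise; the advisory states only that removing the parameter bypassed the protection.

```python
import hmac
import secrets


def issue_token(session: dict) -> str:
    """Bind a fresh random anti-CSRF token to the server-side session."""
    session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def check_flawed(session: dict, form: dict) -> bool:
    """Flawed pattern (assumed): the token is compared only if it was sent."""
    if "csrf_token" in form:
        return hmac.compare_digest(form["csrf_token"], session.get("csrf_token", ""))
    return True  # an absent parameter falls through as if it were valid


def check_hardened(session: dict, form: dict) -> bool:
    """Fail closed: a missing, empty or mismatched token rejects the request."""
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token")
    if not expected or not isinstance(supplied, str) or not supplied:
        return False
    return hmac.compare_digest(supplied.encode(), expected.encode())


def regression_cases(session: dict) -> dict:
    """Constructed state-changing requests covering each token condition."""
    base = {"action": "add_contact", "name": "Example"}
    return {
        "valid": {**base, "csrf_token": session["csrf_token"]},
        "wrong": {**base, "csrf_token": "x" * 43},
        "empty": {**base, "csrf_token": ""},
        "missing": dict(base),  # parameter removed from the request entirely
    }


def evaluate(check) -> dict:
    """Run one checker over every case; True means the request is accepted."""
    session = {}
    issue_token(session)
    return {name: check(session, form) for name, form in regression_cases(session).items()}


if __name__ == "__main__":
    print("flawed:  ", evaluate(check_flawed))
    print("hardened:", evaluate(check_hardened))
```

Only the "valid" case should be accepted; a checker that also accepts "missing" has the defect this CVE describes.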
Affected products
- MailEnable/MailEnable Enterprise Premium
- Range: =10.23
References
- www.mailenable.com/Premium-ReleaseNotes.txt (mitre, x_refsource_CONFIRM)
- www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-mailenable/ (mitre, x_refsource_MISC)