Unrated severityNVD Advisory· Published Jul 8, 2019· Updated Aug 4, 2024
CVE-2019-12924
CVE-2019-12924
Description
MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was possible for an attacker to use a vulnerability in the configuration of the XML processor to read any file on the host system. Because all credentials were stored in a cleartext file, it was possible to steal all users' credentials (including the highest privileged users).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- MailEnable/MailEnable Enterprise Premiumdescription
- Range: = 10.23
Patches
Vulnerability mechanics
References
2- www.mailenable.com/Premium-ReleaseNotes.txtmitrex_refsource_CONFIRM
- www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-mailenable/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.