Vulnerabilities > CVE-2015-9278 - Credentials Management vulnerability in Mailenable
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://web.archive.org/web/20150329173628/http://www.mailenable.com/Standard-ReleaseNotes.txt
- https://web.archive.org/web/20150329173628/http://www.mailenable.com/Standard-ReleaseNotes.txt
- https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-multiple-vulnerabilities-in-mailenable.pdf
- https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-multiple-vulnerabilities-in-mailenable.pdf
- https://www.nccgroup.trust/uk/our-research/multiple-vulnerabilities-in-mailenable/
- https://www.nccgroup.trust/uk/our-research/multiple-vulnerabilities-in-mailenable/