Vulnerabilities > CVE-2018-0682 - Unspecified vulnerability in NEO Debun Imap and Debun POP

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

neo

critical

NVD

Published: 2018-11-15

Updated: 2019-10-03

Summary

Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) does not properly manage sessions, which allows remote attackers to read/send mail or change the configuration via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Neo NEO Debun POP 3.3P_R1.0 NEO Debun POP 3.3P_R1.3 NEO Debun POP 3.3P_R4.0 NEO Debun Imap 3.3I_R1.0 NEO Debun Imap 3.3I_R1.3 NEO Debun Imap 3.3I_R4.0	6

References

https://www.denbun.com/en/pop/support/security/181003.html
https://www.denbun.com/en/imap/support/security/181003.html
http://jvn.jp/en/jp/JVN00344155/index.html