Vulnerabilities > CVE-2019-12926 - Missing Authorization vulnerability in Mailenable

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

mailenable

CWE-862

NVD

Published: 2019-07-08

Updated: 2020-08-24

Summary

MailEnable Enterprise Premium 10.23 did not use appropriate access control checks in a number of areas. As a result, it was possible to perform a number of actions, when logged in as a user, that that user should not have had permission to perform. It was also possible to gain access to areas within the application for which the accounts used were supposed to have insufficient access.

Vulnerable Configurations

Part	Description	Count
Application	Mailenable Mailenable Mailenable *	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

http://www.mailenable.com/Premium-ReleaseNotes.txt
https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-mailenable/