CVE-2023-39699

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 25, 2023

Updated: Aug 30, 2023

CWE ID 22

Summary

CVE-2023-39699: IceWarp Mail Server version 10.4.5 is susceptible to a local file inclusion (LFI) vulnerability. The issue lies within the /calendar/minimizer/index.php component, which enables attackers to include or execute files from the targeted server's local file system. This vulnerability poses a significant risk, as it could allow unauthorized access and potential data theft or system manipulation. It is essential for administrators to apply the necessary patches or upgrades to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

IceWarp

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sP2-Y-
https://www.cve.org/CVERecord?id=CVE-2023-39699
https://nvd.nist.gov/vuln/detail/CVE-2023-39699

Back to Vulnerability Database

CVE-2023-39699

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations