Loading
server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.
Use CWE-399, Icewarp vendor hub and Mail Server product page to widen CVE-2011-3579 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2023-39699, CVE-2020-14066 and CVE-2020-14065 for nearby disclosures in the same product family.