Is CVE-2019-12924 actively exploited?

CVE-2019-12924 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2019-12924?

CVE-2019-12924 has a CVSS score of 9.8 (CRITICAL severity). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2019-12924?

Patch guidance is available from mailenable security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2019-12924.

Fix CVE-2019-12924 - CRITICAL mailenable mailenable

Q: Which products are affected by CVE-2019-12924?

5 products: mailenable mailenable, mailenable mailenable, mailenable mailenable, mailenable mailenable, mailenable mailenable.

Description

MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was possible for an attacker to use a vulnerability in the configuration of the XML processor to read any file on the host system. Because all credentials were stored in a cleartext file, it was possible to steal all users' credentials (including the highest privileged users).

CVSS Metrics

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-311 CWE-611 · XML External Entity (XXE)

Metadata

Primary Vendor: MAILENABLE
Published: 7/8/2019
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

mailenable : mailenablemailenable : mailenablemailenable : mailenablemailenable : mailenablemailenable : mailenable

Remediation Guidance

Executive Summary

View on NIST NVD