CVE-2019-12593

high-risk
Published 2019-06-03

IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.

Do I need to act?

!
77.7% chance of exploitation in next 30 days
EPSS score — higher than 22% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
46959
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Icewarp

References (4)

http://packetstormsecurity.com/files/153161/IceWarp-10.4.4-Local-File-Inclusion....
Exploit https://github.com/JameelNabbo/exploits/blob/master/IceWarp%20%3C%3D10.4.4%20loc...
http://packetstormsecurity.com/files/153161/IceWarp-10.4.4-Local-File-Inclusion....
Exploit https://github.com/JameelNabbo/exploits/blob/master/IceWarp%20%3C%3D10.4.4%20loc...
51
/ 100
high-risk
Severity 26/34 · High
Exploitability 20/34 · Moderate
Exposure 5/34 · Minimal