CVE-2010-5335

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.

*Credits: N/A
CVSS Scores
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Attack Vector: Network
Attack Complexity: Low
Authentication: None
Confidentiality: Complete
Integrity: None
Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2019-10-11 CVE Reserved
  • 2019-10-11 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (2)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Icewarp | Webclient | >= 10.0 < 10.2.1 | - | Affected