CVE-2010-5334

IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
icewarpwebclient
10.0 ≤
𝑥
< 10.2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://vuldb.com/?id.142994
https://www.gosecurity.ch/fachartikel/168-gosecurity-advisory-2010120601
https://vuldb.com/?id.142994
https://www.gosecurity.ch/fachartikel/168-gosecurity-advisory-2010120601