CVE-2011-1430

The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
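
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 6.8 UNKNOWN | NETWORK | MEDIUM | | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| mitre | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |
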
EPSS Score Percentile: 60%

| Vendor | Product | Version |
|---|---|---|
| ipswitch | imail | 𝑥 ≤ 11.03 |
| ipswitch | imail | 5.0 |
| ipswitch | imail | 5.0.5 |
| ipswitch | imail | 5.0.6 |
| ipswitch | imail | 5.0.7 |
| ipswitch | imail | 5.0.8 |
| ipswitch | imail | 6.00 |
| ipswitch | imail | 6.0 |
| ipswitch | imail | 6.0.1 |
| ipswitch | imail | 6.0.2 |
| ipswitch | imail | 6.0.3 |
| ipswitch | imail | 6.0.4 |
| ipswitch | imail | 6.0.5 |
| ipswitch | imail | 6.0.6 |
| ipswitch | imail | 6.1 |
| ipswitch | imail | 6.2 |
| ipswitch | imail | 6.3 |
| ipswitch | imail | 6.4 |
| ipswitch | imail | 6.06 |
| ipswitch | imail | 7.0.1 |
| ipswitch | imail | 7.0.2 |
| ipswitch | imail | 7.0.3 |
| ipswitch | imail | 7.0.4 |
| ipswitch | imail | 7.0.5 |
| ipswitch | imail | 7.0.6 |
| ipswitch | imail | 7.0.7 |
| ipswitch | imail | 7.1 |
| ipswitch | imail | 7.12 |
| ipswitch | imail | 8.0.3 |
| ipswitch | imail | 8.0.5 |
| ipswitch | imail | 8.1 |
| ipswitch | imail | 8.01 |
| ipswitch | imail | 8.11 |
| ipswitch | imail | 8.12 |
| ipswitch | imail | 8.13 |
| ipswitch | imail | 8.22 |
| ipswitch | imail | 10.01 |
| ipswitch | imail | 10.02 |
| ipswitch | imail | 11.01 |
| ipswitch | imail | 11.02 |
| ipswitch | imail | 2006.1 |
| ipswitch | imail | 2006.2 |

𝑥 = Vulnerable software versions