CVE-2020-26942
EUVD-2020-1946821.03.2024, 02:36
An issue discovered in Axigen Mail Server 10.3.x before 10.3.1.27 and 10.3.2.x before 10.3.3.1 allows unauthenticated attackers to submit a setAdminPassword operation request, subsequently setting a new arbitrary password for the admin account.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| axigen | axigen_mail_server | 10.3.0 ≤ 𝑥 < 10.3.1.27 |
| axigen | axigen_mail_server | 10.3.2.0 ≤ 𝑥 < 10.3.3.1 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| axigen | axigen_mail_server | 10.3.0 ≤ 𝑥 < 10.3.1.27 | ADP |
| axigen | axigen_mail_server | 10.3.2.0 ≤ 𝑥 < 10.3.3.1 | ADP |
Common Weakness Enumeration
- CWE-306 - Missing Authentication for Critical FunctionThe product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
- CWE-284 - Improper Access ControlThe software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.