OpenCVE

IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:C/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Icewarp	Webclient

Configuration 1 [-]

cpe:2.3:a:icewarp:webclient:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://vuldb.com/?id.142994
https://www.gosecurity.ch/fachartikel/168-gosecurity-advisory-2010120601

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-10-11T10:36:09

Updated: 2024-08-07T04:17:10.297Z

Reserved: 2019-10-11T00:00:00

Link: CVE-2010-5335

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-10-11T11:15:09.577

Modified: 2024-11-21T01:23:04.650

Link: CVE-2010-5335

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-11T10:36:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.gosecurity.ch/fachartikel/168-gosecurity-advisory-2010120601"}, {"tags": ["x_refsource_MISC"], "url": "https://vuldb.com/?id.142994"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-5335", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.gosecurity.ch/fachartikel/168-gosecurity-advisory-2010120601", "refsource": "MISC", "url": "https://www.gosecurity.ch/fachartikel/168-gosecurity-advisory-2010120601"}, {"name": "https://vuldb.com/?id.142994", "refsource": "MISC", "url": "https://vuldb.com/?id.142994"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:17:10.297Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.gosecurity.ch/fachartikel/168-gosecurity-advisory-2010120601"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://vuldb.com/?id.142994"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-5335", "datePublished": "2019-10-11T10:36:09", "dateReserved": "2019-10-11T00:00:00", "dateUpdated": "2024-08-07T04:17:10.297Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:icewarp:webclient:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE420DDC-8BC0-42E6-9893-B32A4E694398", "versionEndExcluding": "10.2.1", "versionStartIncluding": "10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files."}, {"lang": "es", "value": "IceWarp Webclient versiones anteriores a 10.2.1, presenta una vulnerabilidad de salto de directorio. Esto puede resultar en la p\u00e9rdida de datos confidenciales de IceWarp Mailserver y el sistema operativo. La entrada que es pasada por medio de un determinado par\u00e1metro (script en archivo basic/minimizer/index.php) no es saneada apropiadamente y, por lo tanto, puede ser explotada para explorar la partici\u00f3n donde est\u00e1 instalado IceWarp (o todo el sistema) y leer archivos arbitrarios."}], "id": "CVE-2010-5335", "lastModified": "2024-11-21T01:23:04.650", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-11T11:15:09.577", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.142994"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.gosecurity.ch/fachartikel/168-gosecurity-advisory-2010120601"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.142994"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.gosecurity.ch/fachartikel/168-gosecurity-advisory-2010120601"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}