The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. (Also, the message parameter can have initial HTML comment characters.)
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-12-13T17:54:27
Updated: 2024-08-05T01:33:16.543Z
Reserved: 2019-10-04T00:00:00
Link: CVE-2019-17123
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-12-13T18:15:11.247
Modified: 2021-07-21T11:39:23.747
Link: CVE-2019-17123
Redhat
No data.