atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails.
References
Link | Resource |
---|---|
https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6 | Vendor Advisory |
https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6 | Vendor Advisory |
Configurations
History
21 Nov 2024, 03:36
Type | Values Removed | Values Added |
---|---|---|
References | () https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6 - Vendor Advisory |
Information
Published : 2017-06-08 14:29
Updated : 2024-11-21 03:36
NVD link : CVE-2017-9518
Mitre link : CVE-2017-9518
CVE.ORG link : CVE-2017-9518
JSON object : View
Products Affected
atmail
- atmail
CWE
CWE-352
Cross-Site Request Forgery (CSRF)