Icewarp : Security Vulnerabilities, CVEs, CVSS score >= 8
IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server.
Max CVSS
9.8
EPSS Score
0.06%
Published
2023-08-25
Updated
2023-08-30
IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php.
Max CVSS
9.8
EPSS Score
0.16%
Published
2022-08-23
Updated
2022-08-25
IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access.
Max CVSS
8.8
EPSS Score
0.35%
Published
2020-07-15
Updated
2020-07-22
3 vulnerabilities found