Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Atmail Webmail Server before 7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts, (2) modify user accounts, (3) delete user accounts, or (4) stop the product's service.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/101936
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/204950
Various Sources x_refsource_confirm
http://atmail.com/changelog/
Scores
EPSS
0.0083
EPSS Percentile
53.1%
Details
CWE
CWE-352
Status
published
Products (32)
atmail/atmail
6.3.0
atmail/atmail
6.3.1
atmail/atmail
6.3.2
atmail/atmail
6.3.3
atmail/atmail
6.3.4
atmail/atmail
6.3.5
atmail/atmail
6.3.6
atmail/atmail
6.4.0
atmail/atmail
6.4.1
atmail/atmail
6.4.2
... and 22 more
Published
Jan 12, 2014
Tracked Since
Feb 18, 2026