CVE-2019-12926

HIGH

MailEnable 6.0-<6.90 - Missing Authorization

Title source: llm
STIX 2.1

Description

MailEnable Enterprise Premium 10.23 did not use appropriate access control checks in a number of areas. As a result, it was possible to perform a number of actions, when logged in as a user, that that user should not have had permission to perform. It was also possible to gain access to areas within the application for which the accounts used were supposed to have insufficient access.

References (2)

Core 2
Core References
Release Notes, Vendor Advisory x_refsource_confirm
http://www.mailenable.com/Premium-ReleaseNotes.txt

Scores

CVSS v3 8.8
EPSS 0.0094
EPSS Percentile 56.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-862
Status published
Products (1)
mailenable/mailenable 6.0 - 6.90
Published Jul 08, 2019
Tracked Since Feb 18, 2026