CVE-2021-20618

CRITICAL

acmailer <4.0.2-1.1.4 - Privilege Escalation

Title source: llm
STIX 2.1

Description

Privilege chaining vulnerability in acmailer ver. 4.0.2 and earlier, and acmailer DB ver. 1.1.4 and earlier allows remote attackers to bypass authentication and to gain an administrative privilege which may result in obtaining the sensitive information on the server via unspecified vectors.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.acmailer.jp/info/de.cgi?id=101
Third Party Advisory x_refsource_misc
https://jvn.jp/en/jp/JVN35906450/index.html

Scores

CVSS v3 9.8
EPSS 0.0330
EPSS Percentile 86.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-269
Status published
Products (2)
acmailer/acmailer < 4.0.2
acmailer/acmailer_db < 1.1.4
Published Jan 14, 2021
Tracked Since Feb 18, 2026