XML External Entity Injection (XXE) Vulnerability in MailEnable Enterprise Premium 10.23

CVE-2019-12924 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. An attacker could abuse a weakness in the configuration of the XML processor to read any file on the host system. Because all credentials were stored in a cleartext file, this made it possible to steal all users' credentials, including those of the highest-privileged users.
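The class of fix for a misconfigured XML processor is to refuse DTD features outright on untrusted input. The sketch below is an added example, not MailEnable's code: it assumes Python's standard-library expat bindings, and the names `parse_untrusted`, `rejection_reason`, and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """The document uses a DTD feature that untrusted input never needs."""


def _reject(kind):
    # Build an expat callback that aborts parsing as soon as it fires.
    def handler(*_args):
        raise ForbiddenXML(kind)
    return handler


def parse_untrusted(data: bytes) -> ET.Element:
    """Parse XML from an unauthenticated client, refusing DOCTYPE and entities."""
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()
    # XXE depends on a DTD declaring an external entity; block every step of that.
    parser.StartDoctypeDeclHandler = _reject("DOCTYPE declaration")
    parser.EntityDeclHandler = _reject("entity declaration")
    parser.ExternalEntityRefHandler = _reject("external entity reference")
    # Ordinary content is passed through to a normal ElementTree builder.
    parser.StartElementHandler = lambda name, attrs: builder.start(name, attrs)
    parser.EndElementHandler = lambda name: builder.end(name)
    parser.CharacterDataHandler = builder.data
    parser.Parse(data, True)
    return builder.close()


def rejection_reason(data: bytes):
    """Return why a document was refused, or None if it parsed cleanly."""
    try:
        parse_untrusted(data)
    except ForbiddenXML as exc:
        return str(exc)
    return None


# Constructed sample inputs (not taken from the advisory).
BENIGN = b"<login><user>alice</user></login>"
WITH_DTD = (b'<?xml version="1.0"?>'
            b'<!DOCTYPE login [<!ENTITY e SYSTEM "file:///constructed/placeholder">]>'
            b"<login><user>&e;</user></login>")

if __name__ == "__main__":
    print(rejection_reason(BENIGN), "|", rejection_reason(WITH_DTD))
```

Rejecting at the first DOCTYPE means the entity is never declared, so nothing is resolved or read from disk; logging each `ForbiddenXML` with the client address also gives a cheap detection signal for probing.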
