CVE-2019-12593 Scanner

IceWarp Mail Server is a software application that enables organizations to manage their emails, contacts, calendars, and tasks. It is widely used in corporations, non-profit organizations, and government agencies. The product offers several features like anti-virus and anti-spam protection, mobile synchronization, secure collaboration, and backup and recovery services.

Recently, a vulnerability has been detected in IceWarp Mail Server, identified by the CVE-2019-12593 code. This vulnerability is classified as a local file inclusion (LFI) vulnerability, which allows an attacker to execute arbitrary code or access sensitive information stored in the server. The vulnerability is caused by a directory traversal that occurs in the webmail/calendar/minimizer/index.php?style=..%5c URL.

If this vulnerability is exploited, an attacker can access critical data stored on the server, which includes email messages, contact lists, calendar appointments, and other sensitive information. This can lead to data theft, identity theft, financial loss, and reputational damage for organizations that use this software.

Thanks to the pro features of the s4e.io platform, readers can easily and quickly learn about vulnerabilities in their digital assets. The platform offers comprehensive vulnerability scanning, penetration testing, and security audit services that can help organizations mitigate cybersecurity risks and protect their digital assets from potential threats. By using the platform, organizations can ensure that their infrastructure is secure and resilient against any cyber attack.

REFERENCES

• http://packetstormsecurity.com/files/153161/IceWarp-10.4.4-Local-File-Inclusion.html
• https://github.com/JameelNabbo/exploits/blob/master/IceWarp%20%3C%3D10.4.4%20local%20file%20include.txt