Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to gain sensitive information via a direct request to (1) accountsettings_add.html or (2) topmenu.html.
Software | From | Fixed in |
---|---|---|
icewarp / web_mail | 3.3.2 | 3.3.2.x |
icewarp / web_mail | 5.2.7 | 5.2.7.x |
icewarp / web_mail | 5.2.8 | 5.2.8.x |