Total vulnerabilities in the database
server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.
| Software | From | Fixed in |
|---|---|---|
| icewarp / mail_server | 10.2.0 | 10.2.0.x |
| icewarp / mail_server | 10.1.1 | 10.1.1.x |
| icewarp / mail_server | 9.4.0 | 9.4.0.x |
| icewarp / mail_server | 10.2.1 | 10.2.1.x |
| icewarp / mail_server | 10.0.4 | 10.0.4.x |
| icewarp / mail_server | 10.0.7 | 10.0.7.x |
| icewarp / mail_server | 9.4.2 | 9.4.2.x |
| icewarp / mail_server | 9.3.1 | 9.3.1.x |
| icewarp / mail_server | 10.3.0 | 10.3.0.x |
| icewarp / mail_server | 9.3.2 | 9.3.2.x |
| icewarp / mail_server | 9.4.1 | 9.4.1.x |
| icewarp / mail_server | 9.3.0 | 9.3.0.x |
| icewarp / mail_server | 10.0.8 | 10.0.8.x |
| icewarp / mail_server | - | 10.3.2.x |
| icewarp / mail_server | 10.1.2 | 10.1.2.x |
| icewarp / mail_server | 10.0.3 | 10.0.3.x |
| icewarp / mail_server | 10.3.1 | 10.3.1.x |
| icewarp / mail_server | 10.1.3 | 10.1.3.x |
| icewarp / mail_server | 10.2.2 | 10.2.2.x |
| icewarp / mail_server | 10.1.4 | 10.1.4.x |