- Description
- Format string vulnerability in the SMTP service in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to execute arbitrary code via format string specifiers to the (1) EXPN, (2) MAIL, (3) MAIL FROM, and (4) RCPT TO commands.
- Source
- cve@mitre.org
- NVD status
- Deferred
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ipswitch:imail_server:8.20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "188ADF5A-00A4-4608-A9F9-EDF61CEFAA20"
},
{
"criteria": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DEC4E630-46A4-4C8F-9D73-F8B7241F4795"
},
{
"criteria": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2.01:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "59B7AA85-5A6A-4D40-8ACA-26A6C2FBDACC"
}
],
"operator": "OR"
}
]
}
]