- Description
- Directory traversal vulnerability in the IMAP service in EServ/3 3.25 allows remote authenticated users to read other user's email messages, create/rename arbitrary directories on the system, and delete empty directories via directory traversal sequences in the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY or (6) APPEND commands.
- Source
- PSIRT-CNA@flexerasoftware.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 5.5
- Impact score
- 4.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:etype:eserv:3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8071783F-930B-41C1-9284-290314BDB568"
},
{
"criteria": "cpe:2.3:a:etype:eserv:3.25:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4A76EA1C-D6C0-4AA3-91FD-2FF4301304B4"
}
],
"operator": "OR"
}
]
}
]