Summary
The remote IceWarp Web Mail is prone to an information-disclosure vulnerability.
Impact
Attackers can exploit this issue to gain access to potentially sensitive information.
Impact Level: System/Application
Solution
Vendor updates are available.
Insight
The XML parser in use resolves external XML entities, which allows attackers to read files and send requests to systems on the internal network (e.g., port scanning). The risk is greatly increased by the fact that the vulnerability can be exploited by anonymous users without existing user accounts.
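A defensive illustration of the flaw class described above, added here and not taken from IceWarp or the vendor update: a Python wrapper around the expat parser that refuses any client-supplied body carrying a DOCTYPE or entity declaration, so nothing is resolved on behalf of an anonymous sender. The function names and the sample request bodies are constructed for this example.

```python
import xml.parsers.expat

# Constructed sample request bodies (not captured traffic).
BENIGN = b'<?xml version="1.0"?><request><user>alice</user></request>'
EXTERNAL_ENTITY = (b'<?xml version="1.0"?><!DOCTYPE request ['
                   b'<!ENTITY e SYSTEM "file:///constructed-placeholder">]>'
                   b'<request><user>&e;</user></request>')
INTERNAL_ENTITY = b'<!DOCTYPE r [<!ENTITY a "x">]><r>&a;</r>'
MALFORMED = b'<request><user>alice</request>'


class ForbiddenXML(ValueError):
    """The body declares a DTD or an entity."""


def parse_untrusted_xml(body: bytes) -> dict:
    """Parse client-supplied XML, refusing DTDs and entities outright."""
    parser = xml.parsers.expat.ParserCreate()
    root, text = [], []

    def forbid(kind):
        def handler(*_args):
            # Exceptions raised in expat callbacks propagate out of Parse().
            raise ForbiddenXML(kind + " not allowed")
        return handler

    # Fail at the declaration, before any entity could be expanded.
    parser.StartDoctypeDeclHandler = forbid("DOCTYPE declaration")
    parser.EntityDeclHandler = forbid("entity declaration")
    parser.ExternalEntityRefHandler = forbid("external entity reference")
    parser.StartElementHandler = lambda name, _attrs: root.append(name)
    parser.CharacterDataHandler = text.append
    parser.Parse(body, True)
    return {"root": root[0], "text": "".join(text)}


def screen(body: bytes) -> str:
    """Classify a request body as accepted, rejected or malformed."""
    try:
        parse_untrusted_xml(body)
    except ForbiddenXML:
        return "rejected"
    except xml.parsers.expat.ExpatError:
        return "malformed"
    return "accepted"


if __name__ == "__main__":
    for sample in (BENIGN, EXTERNAL_ENTITY, INTERNAL_ENTITY, MALFORMED):
        print(screen(sample), sample[:40])
```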
Affected
IceWarp Mail Server <=10.4.5
Detection
Send a specially crafted HTTP POST request and check the response.