CNNVD-202602-848 Information
CNNVD ID
CNNVD-202602-848
Related CVE
- CNNVD Published: 2026-02-05
Description (Chinese)
Axigen Mail Server是Axigen公司的一款邮件服务器软件。 Axigen Mail Server 10.5.57之前版本存在安全漏洞,该漏洞源于WebAdmin界面存在访问控制不当,零权限的委派管理员账户可绕过访问控制检查,未经授权访问SSL证书管理端点。
Description (English)
Axigen Mail Server is a mail server software for Axigen. A security loophole existed in the previous version of Axigen Mail Server 10.5.57, which stemmed from the inappropriate access controls at the WebAdmin interface, and the Zero-Appliced Assignee Account could bypass access control checks and access the SSL Certificate Management Endpoint without authorization.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Axigen
Published
2026-02-05
Last Modified
2026-02-24
References
https://www.axigen.com/knowledgebase/Axigen-WebAdmin-Improper-Access-Control-Vulnerability-CVE-2025-68721-_406.html https://www.axigen.com/mail-server/download/
Patch
https://www.axigen.com/mail-server/download/
Share on: