Known Vulnerabilities for products from Icewarp
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Icewarp".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2024-0246 json | 6.1 - MEDIUM | 2024-01-05 | 2024-01-11 | |
| CVE-2023-43319 json | Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows attackers to execute arbitrar... | 6.1 - MEDIUM | 2023-09-25 | 2023-11-07 |
| CVE-2023-41013 json | Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HT... | 6.1 - MEDIUM | 2023-09-12 | 2023-11-07 |
| CVE-2023-40779 json | An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted req... | 6.1 - MEDIUM | 2023-09-14 | 2023-11-07 |
| CVE-2023-39700 json | IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color para... | 6.1 - MEDIUM | 2023-08-25 | 2023-11-07 |
| CVE-2023-39699 json | IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/... | 9.8 - CRITICAL | 2023-08-25 | 2023-08-30 |
| CVE-2023-39600 json | IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter. | 6.1 - MEDIUM | 2023-08-25 | 2023-11-07 |
| CVE-2023-39598 json | Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary co... | 6.1 - MEDIUM | 2023-09-05 | 2023-11-07 |
| CVE-2023-37728 json | IceWarp v10.2.1 was discovered to contain cross-site scripting (XSS) vulnerability via the color parameter. | 6.1 - MEDIUM | 2023-07-20 | 2023-11-07 |
| CVE-2022-35115 json | IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to contain a SQL injection vulnerability via the search pa... | 9.8 - CRITICAL | 2022-08-23 | 2022-08-25 |
| CVE-2021-36580 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2023-07-27 | 2023-11-07 |
| CVE-2020-27982 json | IceWarp 11.4.5.0 allows XSS via the language parameter. | 6.1 - MEDIUM | 2020-11-02 | 2022-06-29 |
| CVE-2020-25925 json | Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web sc... | 6.1 - MEDIUM | 2021-07-07 | 2021-07-09 |
| CVE-2020-14066 json | IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access. | 8.8 - HIGH | 2020-07-15 | 2020-07-22 |
| CVE-2020-14065 json | IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space. | 6.5 - MEDIUM | 2020-07-15 | 2020-07-22 |
| CVE-2020-14064 json | IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts. | 6.5 - MEDIUM | 2020-07-15 | 2020-07-22 |
| CVE-2020-8512 json | In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter. | 6.1 - MEDIUM | 2020-02-01 | 2020-02-04 |
| CVE-2019-19266 json | IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes f... | 5.4 - MEDIUM | 2020-01-06 | 2020-01-08 |
| CVE-2019-19265 json | IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes f... | 6.1 - MEDIUM | 2020-01-06 | 2020-01-08 |
| CVE-2019-12593 json | IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?... | 7.5 - HIGH | 2019-06-03 | 2019-06-04 |
Known software with vulnerabilities from Icewarp
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Icewarp | Icewarp Server | 11.4.4.1 |
| Application | Icewarp | Mail Server | 10.0.3 |
| Application | Icewarp | Server | 11.3.1.5 |
| Application | Icewarp | Webclient | - |
| Application | Icewarp | Webmail | 4.1 |