9.8

CVE-2016-4460

Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApachePony Mail Version0.6c
ApachePony Mail Version0.7b
ApachePony Mail Version0.8b
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.1% 0.925
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://markmail.org/message/jy7o23cppny26icu
Patch
Vendor Advisory
Mailing List
http://www.securityfocus.com/bid/100449
Third Party Advisory
VDB Entry