CVE-2019-15073 Openfind MAIL2000 Webmail Pre-Auth Open Redirect

2019-11-1100:00:00

CWE-601

twcert

www.cve.org

0.002 Low

EPSS

Percentile

57.6%

JSON

An Open Redirect vulnerability for all browsers in MAIL2000 through version 6.0 and 7.0, which will redirect to a malicious site without authentication. This vulnerability affects many mail system of governments, organizations, companies and universities.

CNA Affected

[
  {
    "product": "MAIL2000",
    "vendor": "Openfind",
    "versions": [
      {
        "lessThan": "Before 20190919",
        "status": "affected",
        "version": "6.0",
        "versionType": "custom"
      },
      {
        "lessThan": "SP4 Patch 076",
        "status": "affected",
        "version": "7.0",
        "versionType": "custom"
      }
    ]
  }
]