9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.026 Low
EPSS
Percentile
90.4%
Denbun provided by NEOJAPAN Inc. is a WebMail System. Denbun contains multiple vulnerabilities listed below.
Hard-coded credentials for user account (CWE-798) - CVE-2018-0680
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Base Score: 9.8 |
CVSS v2 | AV:N/AC:L/Au:N/C:P/I:P/A:P | Base Score: 7.5 |
Hard-coded credentials for the configuration management page (CWE-798) - CVE-2018-0681
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Base Score: 9.8 |
CVSS v2 | AV:N/AC:L/Au:N/C:P/I:P/A:P | Base Score: 7.5 |
Improper session management (CWE-639) - CVE-2018-0682
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N | Base Score: 4.8 |
CVSS v2 | AV:N/AC:H/Au:N/C:P/I:P/A:N | Base Score: 4.0 |
Stack-based buffer overflow due to a flaw in processing Cookie data (CWE-121) - CVE-2018-0683
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Base Score: 9.8 |
CVSS v2 | AV:N/AC:L/Au:N/C:P/I:P/A:P | Base Score: 7.5 |
Stack-based buffer overflow due to a flaw in processing multipart/form-data format data (CWE-121) - CVE-2018-0684
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Base Score: 9.8 |
CVSS v2 | AV:N/AC:L/Au:N/C:P/I:P/A:P | Base Score: 7.5 |
SQL injection due to a flaw in processing HTTP requests for mail search (CWE-89) - CVE-2018-0685
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | Base Score: 6.3 |
CVSS v2 | AV:N/AC:L/Au:S/C:P/I:P/A:P | Base Score: 6.5 |
Arbitrary executable files can be uploaded (CWE-434) - CVE-2018-0686
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | Base Score: 8.8 |
CVSS v2 | AV:N/AC:L/Au:S/C:P/I:P/A:P | Base Score: 6.5 |
Cross-site scripting in HTML mail view (CWE-79) - CVE-2018-0687
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1 |
CVSS v2 | AV:N/AC:M/Au:N/C:N/I:P/A:N | Base Score: 4.3 |
Update the Software- CVE-2018-0680, CVE-2018-0681, CVE-2018-0682, CVE-2018-0683, CVE-2018-0684, CVE-2018-0685, CVE-2018-0687
Update to the latest version according to the information provided by the developer.
Apply Workaround- CVE-2018-0686
CVE-2018-0680, CVE-2018-0681, CVE-2018-0682, CVE-2018-0683, CVE-2018-0686, CVE-2018-0687
Denbun POP version V3.3P R4.0 and earlier
Denbun IMAP version V3.3I R4.0 and earlier
CVE-2018-0684
Denbun POP version V3.3P R3.0 and earlier
Denbun IMAP version V3.3I R3.0 and earlier
CVE-2018-0685
Denbun POP version V3.3P R4.0 and earlier
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.026 Low
EPSS
Percentile
90.4%