Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2 matches found

NVD
NVDadded 2002/05/29 4:0 a.m.15 views

CVE-2002-0258

Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user, e.g. by extracting the ID from the user's answer or forward URLs...

7.5CVSS6.9AI score0.01366EPSS
Exploits0References1
CVE
CVEadded 2002/05/03 4:0 a.m.43 views

CVE-2002-0258

Merak Mail IceWarp Web Mail uses a static user session ID that does not change across sessions. This could allow remote attackers who obtain the session ID to elevate privileges as the targeted user (e.g., via IDs exposed in answers or forward URLs). Affected product: Merak Mail IceWarp Web Mail....

7.5CVSS7.3AI score0.01366EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder