CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS
Percentile
76.4%
A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID
cookie value for all sessions, which allows remote authenticated users to
access other users’ folder lists and configuration data in opportunistic
circumstances by using the standard webmail.php interface. NOTE: this
vulnerability exists because of an incorrect fix for CVE-2008-3663.