4 new Advisories: Vulnerabilities in IceWarp eMail Server

RedTeam released 4 new advisories today, concerning vulnerabilities in the IceWarp eMail Server:

  • RT-SA-2009-001: IceWarp WebMail Server: Cross Site Scripting in Email View
  • RT-SA-2009-002: IceWarp WebMail Server: User-assisted Cross Site Scripting in RSS Feed Reader
  • RT-SA-2009-003: IceWarp WebMail Server: SQL Injection in Groupware Component
  • RT-SA-2009-004: IceWarp WebMail Server: Client-Side Specification of “Forgot Password” eMail Content

We found those during a penetration test of a customer using this system, and now the vendor has released the fixed version 9.4.2. So please, if you’ve deployed an IceWarp eMail Server somewhere, upgrade to the new version.
