AfterLogic Aurora and WebMail Pro < 7.7.9 - Information Disclosure CVE-2021-26294

Severity
CVSSv3 Score: 7.5
Vulnerability description

AfterLogic Aurora and WebMail Pro versions 7.7.9 and lower are affected by this vulnerability. Sending an HTTP GET request to the WebDAV endpoint with the built-in account “caldav_public_user@localhost” and its predefined password “caldav_public_user” allows an attacker to read all files under the web root.

Recommendation

We recommend upgrading the affected software to the latest version, which mitigates this vulnerability.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Mar 7, 2021
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available