1. Home
  2. CVE Database
  3. CVE-2002-0258
HIGH · 7.5

CVE-2002-0258

Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user...

Vulnerability Description

Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user, e.g. by extracting the ID from the user's answer or forward URLs.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
IcewarpWeb MailAll versions
MerakMail ServerAll versions

References

FAQ

What is CVE-2002-0258?

CVE-2002-0258 is a vulnerability with a CVSS score of 7.5 (HIGH). Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user...

How severe is CVE-2002-0258?

CVE-2002-0258 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2002-0258?

Check the references section above for vendor advisories and patch information. Affected products include: Icewarp Web Mail, Merak Mail Server.