Reference: Advisory #2023-141
Version: 1.0
Affected software:
Axigen 10.3.3.0 until and including Axigen 10.3.3.60
Axigen 10.4.0 until and including Axigen 10.4.23
Axigen 10.5.0 until and including Axigen 10.5.9
Type: Cross-Site Scripting (XSS)
CVE/CVSS: CVE-2023-49101 / 7.8 High
Axigen - https://www.axigen.com/knowledgebase/Axigen-WebAdmin-XSS-Vulnerability-CVE-2023-49101-_400.html
The Cross-Site Scripting vulnerability affecting Axigen's mail server software allows an attacker to access the administrator's interface.
CVE-2023-49101 - Cross-Site Scripting (XSS) vulnerability
The vulnerability allows an attacker to run arbitrary JavaScript code and carry out a cross-site scripting attack against a vulnerable system.
Exploitation of this flaw requires attackers to send a phishing email (or other type of message) containing a crafted link to an administrator. Once the administrator opens the link, and provided there is an active admin session, attackers can run arbitrary JavaScript code that can retrieve the administrator's session cookie. Attackers can then use this cookie to impersonate the administrator in the Axigen mail server software and access its administrative interface.
The Centre for Cyber Security Belgium strongly recommends that system administrators visit the Axigen updates page that matches their installed version to download and install the patched version of this software.
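To find which servers need the update, the affected ranges listed above can be checked against an inventory of installed versions. The Python code below is an added example, not part of the advisory or of Axigen's software; the inventory format, host names and sample versions are constructed, and treating a version with extra trailing components (such as 10.4.23.1) as affected is an assumption. Versions are compared numerically, because a plain string comparison would wrongly place 10.5.10 below 10.5.9.

```python
import re

# Affected ranges as listed in the advisory (both ends inclusive).
AFFECTED_RANGES = [
    ((10, 3, 3, 0), (10, 3, 3, 60)),
    ((10, 4, 0), (10, 4, 23)),
    ((10, 5, 0), (10, 5, 9)),
]

def parse_version(text):
    """'10.4.23' -> (10, 4, 23); raises ValueError on anything else."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def _fit(version, length):
    # Pad with zeros or truncate so the version has as many components as the bound.
    # Assumption: extra trailing components (e.g. 10.4.23.1) are ignored,
    # so such a build is flagged rather than passed.
    return (version + (0,) * length)[:length]

def is_affected(version_text):
    version = parse_version(version_text)
    return any(
        _fit(version, len(low)) >= low and _fit(version, len(high)) <= high
        for low, high in AFFECTED_RANGES
    )

def audit(inventory):
    """Split {host: version string} into affected, not listed, and unparseable."""
    report = {"affected": [], "not_listed": [], "unparseable": []}
    for host, version_text in sorted(inventory.items()):
        try:
            key = "affected" if is_affected(version_text) else "not_listed"
        except ValueError:
            key = "unparseable"
        report[key].append(host)
    return report

# Constructed inventory; host names and versions are made up for the example.
SAMPLE_INVENTORY = {
    "mail-a.example.internal": "10.3.3.60",
    "mail-b.example.internal": "10.4.24",
    "mail-c.example.internal": "10.5.10",   # numerically above 10.5.9
    "mail-d.example.internal": "10.5.9",
    "mail-e.example.internal": "unknown",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unparseable` need a manual check; `not_listed` only means the version falls outside the ranges this advisory names.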
Axigen's updates pages: