CVE Vulnerabilities

CVE-2016-10835

Improper Authentication

Published: Aug 01, 2019 | Modified: Aug 12, 2019
CVSS 3.x
4.3
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107).

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Cpanel Cpanel 11.50.0.4 (including) 11.50.5.2 (excluding)
Cpanel Cpanel 11.51.9999.98 (including) 11.52.4.1 (excluding)
Cpanel Cpanel 11.54.0.0 (including) 11.54.0.20 (excluding)
Cpanel Cpanel 55.9999.61 (including) 55.9999.141 (excluding)

Potential Mitigations

References