CVE-2021-36580
published 2023-07-27CVE-2021-36580: Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter.
PriorityP337medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
1.53%
71.6th percentile
Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| icewarp | icewarp_server | < 13.0.1.2 | 13.0.1.2 |
| icewarp | mail_server | < 13.0.1.2 | 13.0.1.2 |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
IceWarp Mail Server - Open Redirect
nuclei·CVSS 6.1
CVE-2021-36580 [MEDIUM] IceWarp Mail Server - Open Redirect
IceWarp Mail Server - Open Redirect
IceWarp Mail Server contains an open redirect via the referer parameter. This can lead to phishing attacks or other unintended redirects.
Template:
id: CVE-2021-36580
info:
name: IceWarp Mail Server - Open Redirect
author: DhiyaneshDk
severity: medium
description: |
IceWarp Mail Server contains an open redirect via the referer parameter. This can lead to phishing attacks or other unintended redirects.
impact: |
An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the theft of sensitive information.
remediation: |
Apply the latest security patches or updates provided by IceWarp to fix the open redirect vulnerability.
reference:
- https://www.icewarp.com/
- https://twitter.com/shifacyclewala
2023-07-27
Published