File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ [basic ]
2+ description = " MessageSolution企业邮件归档管理系统EEA存在信息泄露漏洞,攻击者无需认证即可访问/authenticationservletservlet/接口,获取Windows服务器administrator的NTLM Hash以及Web管理平台所有用户的用户名和密码,直接威胁企业邮件系统安全。"
3+ published = " 2021-03-25"
4+ remediation = " 厂商已发布安全更新,建议升级MessageSolution EEA至最新版本;如无法升级,应在Web服务器上限制/authenticationservletservlet/路径的外部访问,或添加身份认证机制。"
5+ score = 7.5
6+ severity = " HIGH"
7+ sources = [
8+ " nuclei" ,
9+ " cnvd" ,
10+ ]
11+ title = " MessageSolution 企业邮件归档管理系统 EEA 信息泄露漏洞"
12+ updated = " 2021-03-28"
13+
14+ [exploit ]
15+ exp_urls = []
16+ poc_urls = [" https://github.com/Henry4E36/CNVD-2021-10543" ]
17+
18+ [id ]
19+ aliases = [
20+ " NUCLEI-HTTP-CNVD-2021-CNVD-2021-10543-YAML" ,
21+ " CNVD-2021-10543" ,
22+ ]
23+ ave_id = " AVE-2021-0003"
24+
25+ [meta ]
26+ collected_at = " 2026-07-14T18:26:20.011290262+00:00"
27+ status = " completed"
28+
29+ [references ]
30+ urls = [
31+ " https://www.cnvd.org.cn/flaw/show/CNVD-2021-10543" ,
32+ " https://github.com/Henry4E36/CNVD-2021-10543" ,
33+ ]
You can’t perform that action at this time.
0 commit comments