Skip to content

Commit ad6f813

Browse files
committed
add: AVE-2021-0003
1 parent badb6f4 commit ad6f813

1 file changed

Lines changed: 33 additions & 0 deletions

File tree

vulns/2021/AVE-2021-0003.toml

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
[basic]
2+
description = "MessageSolution企业邮件归档管理系统EEA存在信息泄露漏洞,攻击者无需认证即可访问/authenticationservletservlet/接口,获取Windows服务器administrator的NTLM Hash以及Web管理平台所有用户的用户名和密码,直接威胁企业邮件系统安全。"
3+
published = "2021-03-25"
4+
remediation = "厂商已发布安全更新,建议升级MessageSolution EEA至最新版本;如无法升级,应在Web服务器上限制/authenticationservletservlet/路径的外部访问,或添加身份认证机制。"
5+
score = 7.5
6+
severity = "HIGH"
7+
sources = [
8+
"nuclei",
9+
"cnvd",
10+
]
11+
title = "MessageSolution 企业邮件归档管理系统 EEA 信息泄露漏洞"
12+
updated = "2021-03-28"
13+
14+
[exploit]
15+
exp_urls = []
16+
poc_urls = ["https://github.com/Henry4E36/CNVD-2021-10543"]
17+
18+
[id]
19+
aliases = [
20+
"NUCLEI-HTTP-CNVD-2021-CNVD-2021-10543-YAML",
21+
"CNVD-2021-10543",
22+
]
23+
ave_id = "AVE-2021-0003"
24+
25+
[meta]
26+
collected_at = "2026-07-14T18:26:20.011290262+00:00"
27+
status = "completed"
28+
29+
[references]
30+
urls = [
31+
"https://www.cnvd.org.cn/flaw/show/CNVD-2021-10543",
32+
"https://github.com/Henry4E36/CNVD-2021-10543",
33+
]

0 commit comments

Comments
 (0)