CVE-2011-1430

Name: CVE-2011-1430
Creator: NVD / NIST
Published: 2011-03-16T22:55:04.747+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.21%

Last modified Jun 16, 2026

CVE-2011-1430 is a vulnerability of currently unknown severity. The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.. EPSS estimates a 3.21% chance of exploitation in the next 30 days.

Description

The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

Metrics

EPSS Probability

3.21%

86.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Ipswitch	Imail	All versions
Ipswitch	Imail	<= 11.03
Ipswitch	Imail	5.0
Ipswitch	Imail	5.0.5
Ipswitch	Imail	5.0.6
Ipswitch	Imail	5.0.7
Ipswitch	Imail	5.0.8
Ipswitch	Imail	6.00
Ipswitch	Imail	6.0
Ipswitch	Imail	6.0.1
Ipswitch	Imail	6.0.2
Ipswitch	Imail	6.0.3
Ipswitch	Imail	6.0.4
Ipswitch	Imail	6.0.5
Ipswitch	Imail	6.0.6
Ipswitch	Imail	6.1
Ipswitch	Imail	6.2
Ipswitch	Imail	6.3
Ipswitch	Imail	6.4
Ipswitch	Imail	6.06
Ipswitch	Imail	7.0.1
Ipswitch	Imail	7.0.2
Ipswitch	Imail	7.0.3
Ipswitch	Imail	7.0.4
Ipswitch	Imail	7.0.5
Ipswitch	Imail	7.0.6
Ipswitch	Imail	7.0.7
Ipswitch	Imail	7.1
Ipswitch	Imail	7.12
Ipswitch	Imail	8.0.3
Ipswitch	Imail	8.0.5
Ipswitch	Imail	8.1
Ipswitch	Imail	8.01
Ipswitch	Imail	8.11
Ipswitch	Imail	8.12
Ipswitch	Imail	8.13
Ipswitch	Imail	8.22
Ipswitch	Imail	10
Ipswitch	Imail	10.01
Ipswitch	Imail	10.02
Ipswitch	Imail	11
Ipswitch	Imail	11.01
Ipswitch	Imail	11.02
Ipswitch	Imail	2006
Ipswitch	Imail	2006.1
Ipswitch	Imail	2006.2
Ipswitch	Imail	server_8.2_hotfix_2

References

http://secunia.com/advisories/43676Vendor Advisory
http://www.kb.cert.org/vuls/id/555316US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-8DBRD4US Government Resource
http://www.osvdb.org/71020
http://www.securityfocus.com/bid/46767
http://www.vupen.com/english/advisories/2011/0609Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65932
http://secunia.com/advisories/43676Vendor Advisory
http://www.kb.cert.org/vuls/id/555316US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-8DBRD4US Government Resource
http://www.osvdb.org/71020
http://www.securityfocus.com/bid/46767
http://www.vupen.com/english/advisories/2011/0609Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65932

Timeline

Published: Mar 16, 2011
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2011-1430?

How severe is CVE-2011-1430?

Severity scoring for CVE-2011-1430 is pending analysis. The EPSS model estimates a 3.21% probability of exploitation in the next 30 days.

How do I fix CVE-2011-1430?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2011-1430?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST