CVE-2019-13612
Last modified
CVE-2019-13612 is a vulnerability of currently unknown severity. MDaemon Email Server 19 through 20.0.1 skips SpamAssassin checks by default for e-mail messages larger than 2 MB (and limits checks to 10 MB even with special configuration), which is arguably inconsistent with currently popular message sizes. This might interfere with risk management for malicious e-mail, if a customer deploys a server with sufficient resources to scan large messages.. EPSS estimates a 1.32% chance of exploitation in the next 30 days.
Description
MDaemon Email Server 19 through 20.0.1 skips SpamAssassin checks by default for e-mail messages larger than 2 MB (and limits checks to 10 MB even with special configuration), which is arguably inconsistent with currently popular message sizes. This might interfere with risk management for malicious e-mail, if a customer deploys a server with sufficient resources to scan large messages.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Altn | Mdaemon Email Server | 19 |
References
- http://lists.altn.com/WebX/.59862f3cVendor Advisory
- http://lists.altn.com/WebX/.59862f3cVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-13612?
How severe is CVE-2019-13612?
How do I fix CVE-2019-13612?
Are you affected by CVE-2019-13612?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST