M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17.0v24 allows non-administrative users to access and manipulate archive data via certain HTTP endpoints, aka LINK-2867.
Max CVSS
8.1
EPSS Score
0.06%
Published
2023-01-01
Updated
2023-01-09
Isode M-Link before 16.0v7 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.
Max CVSS
7.8
EPSS Score
1.44%
Published
2014-04-11
Updated
2014-04-11
2 vulnerabilities found