本ページは transware active\!_mail に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2013-2302 | TransWARE Active! mail 6, when an external public interface is used, allows local users to obtain sensitive information belonging to arbitrary users by leveraging shell access, as demonstrated by a TELNET or SSH session to the server. | [email protected] | 1.9 | 0.30% | 2013-04-04 | 2026-06-16 |
| CVE-2010-3913 | CRLF injection vulnerability in TransWARE Active! mail 6 build 6.40.010047750 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | [email protected] | 4.3 | 1.10% | 2010-11-05 | 2026-06-16 |
| CVE-2009-4354 | TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not properly secure the session ID in a session cookie, which allows remote attackers to hijack web sessions, probably related to the "secure" flag for cookies in SSL sessions. | [email protected] | 5.8 | 1.05% | 2009-12-17 | 2026-06-16 |
| CVE-2009-4353 | The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0911, does not remove the session ID in a Referer URL, which allows remote attackers to hijack web sessions via vectors such as an email with an embedded URL. | [email protected] | 5.8 | 1.08% | 2009-12-17 | 2026-06-16 |