MidnightBSD

Advisories for analogic

CVE-2019-12938 MEDIUM

The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs via the webmail/logs/sendmail URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-693,

Products Affected

Vendor Product Version
analogic poste.io 2.1.6