GFI MailEssentials 21.6

CPE Details

GFI MailEssentials 21.6
gfi
mailessentials
21.6
2025-05-05
10h44 +00:00
2025-05-05
10h44 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gfi:mailessentials:21.6:-:*:*:*:*:*:*

Informations

Vendor

gfi

Product

mailessentials

Version

21.6

Update

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-34491 2025-04-28 19h20 +00:00 GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. A remote and authenticated attacker can execute arbitrary code by sending crafted serialized .NET when joining to a Multi-Server setup.
8.8
High
CVE-2025-34490 2025-04-28 19h02 +00:00 GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files.
6.5
Medium
CVE-2025-34489 2025-04-28 18h50 +00:00 GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A local attacker can escalate to NT Authority/SYSTEM by sending a crafted serialized payload to a .NET Remoting Service.
7.8
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.