What is it?

IceWarp is a mail server that also provides messaging and collaboration services.

A vulnerability in the code allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this vulnerability.

Why is it a risk?

Allowing unauthenticated users to execute arbitrary code is an obvious risk.

The vulnerability has a score of CRITICAL.

How can you mitigate the risk?

IceWarp has released version 14.2.0.9, which corrects these problems.

Admins are advised to update their IceWarp instances as soon as possible.

The IceWarp support link below leads to upgrade instructions for various starting versions; the upgrades must be done incrementally. The sidebar on that page also contains links to instructions for Linux and Docker installations.

Resources:

Upgrade to IceWarp EPOS from previous version (Windows)
https://support.icewarp.com/hc/en-us/articles/12793070493329-Upgrade-to-IceWarp-EPOS-from-previous-version-Windows
