Lucene search

JpcertCVE-2016-1142

HistoryJan 16, 2016 - 5:59 a.m.

CVE-2016-1142

2016-01-1605:59:04

CWE-78

jpcert

web.nvd.nist.gov

cve-2016-1142

acmailer

os command execution

authenticated users

remote attack

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.003

Percentile

70.8%

JSON

Seeds acmailer before 3.8.21 and 3.9.x before 3.9.15 Beta allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.

Affected configurations

Nvd

Node

seedsacmailerRange3.8.0–3.8.21

seedsacmailerMatch3.9.0beta

seedsacmailerMatch3.9.1beta

seedsacmailerMatch3.9.2beta

seedsacmailerMatch3.9.3beta

seedsacmailerMatch3.9.4beta

seedsacmailerMatch3.9.5beta

seedsacmailerMatch3.9.6beta

seedsacmailerMatch3.9.7beta

seedsacmailerMatch3.9.8beta

seedsacmailerMatch3.9.9beta

seedsacmailerMatch3.9.10beta

seedsacmailerMatch3.9.11beta

seedsacmailerMatch3.9.12beta

seedsacmailerMatch3.9.14

VendorProductVersionCPE
seedsacmailer*cpe:2.3:a:seeds:acmailer:*:*:*:*:*:*:*:*
seedsacmailer3.9.0cpe:2.3:a:seeds:acmailer:3.9.0:beta:*:*:*:*:*:*
seedsacmailer3.9.1cpe:2.3:a:seeds:acmailer:3.9.1:beta:*:*:*:*:*:*
seedsacmailer3.9.2cpe:2.3:a:seeds:acmailer:3.9.2:beta:*:*:*:*:*:*
seedsacmailer3.9.3cpe:2.3:a:seeds:acmailer:3.9.3:beta:*:*:*:*:*:*
seedsacmailer3.9.4cpe:2.3:a:seeds:acmailer:3.9.4:beta:*:*:*:*:*:*
seedsacmailer3.9.5cpe:2.3:a:seeds:acmailer:3.9.5:beta:*:*:*:*:*:*
seedsacmailer3.9.6cpe:2.3:a:seeds:acmailer:3.9.6:beta:*:*:*:*:*:*
seedsacmailer3.9.7cpe:2.3:a:seeds:acmailer:3.9.7:beta:*:*:*:*:*:*
seedsacmailer3.9.8cpe:2.3:a:seeds:acmailer:3.9.8:beta:*:*:*:*:*:*

Vendor	Product	Version	CPE
seeds	acmailer	*	cpe:2.3:a:seeds:acmailer::::::::
seeds	acmailer	3.9.0	cpe:2.3:a:seeds:acmailer:3.9.0:beta::::::
seeds	acmailer	3.9.1	cpe:2.3:a:seeds:acmailer:3.9.1:beta::::::
seeds	acmailer	3.9.2	cpe:2.3:a:seeds:acmailer:3.9.2:beta::::::
seeds	acmailer	3.9.3	cpe:2.3:a:seeds:acmailer:3.9.3:beta::::::
seeds	acmailer	3.9.4	cpe:2.3:a:seeds:acmailer:3.9.4:beta::::::
seeds	acmailer	3.9.5	cpe:2.3:a:seeds:acmailer:3.9.5:beta::::::
seeds	acmailer	3.9.6	cpe:2.3:a:seeds:acmailer:3.9.6:beta::::::
seeds	acmailer	3.9.7	cpe:2.3:a:seeds:acmailer:3.9.7:beta::::::
seeds	acmailer	3.9.8	cpe:2.3:a:seeds:acmailer:3.9.8:beta::::::

Rows per page:

1-10 of 151

References

jvn.jp/en/jp/JVN50899877/index.html

jvndb.jvn.jp/jvndb/JVNDB-2016-000002

www.acmailer.jp/info/de.cgi?id=64

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.003

Percentile

70.8%

JSON

Related for CVE-2016-1142