Lucene search

[email protected]CVE-2023-24842

HistoryMar 27, 2023 - 4:15 a.m.

CVE-2023-24842

2023-03-2704:15:10

CWE-639

[email protected]

web.nvd.nist.gov

cve-2023-24842

hgiga mailsherlock

insufficient access control

vulnerability

unauthorized access

remote exploit

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.9%

JSON

HGiga MailSherlock has vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to access partial content of another user’s mail by changing user ID and mail ID within URL.

Affected configurations

NVD

Node

hgigaoaklouds_mailsherlockMatch4.5

CPENameOperatorVersion
hgiga:oaklouds_mailsherlockhgiga oaklouds mailsherlockeq4.5

CPE	Name	Operator	Version
hgiga:oaklouds_mailsherlock	hgiga oaklouds mailsherlock	eq	4.5

CNA Affected

[
  {
    "vendor": "HGiga",
    "product": "MailSherlock",
    "versions": [
      {
        "version": "iSherlock-user-4.5",
        "status": "affected",
        "lessThanOrEqual": "iSherlock-user-4.5-161",
        "versionType": "custom"
      },
      {
        "version": "iSherlock-antispam-4.5",
        "status": "affected",
        "lessThanOrEqual": "iSherlock-antispam-4.5-167",
        "versionType": "custom"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-6961-12444-1.html

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.9%

JSON

Related for CVE-2023-24842

prion1 nvd1 cvelist1