Lucene search

JpcertCVELIST:CVE-2023-40747

HistoryMar 18, 2024 - 12:32 a.m.

CVE-2023-40747

2024-03-1800:32:58

jpcert

www.cve.org

cve-2023-40747

directory traversal

a.k.i software

pmailserver

pmailserver2

cgis

internal simple webserver

remote attacker

documentroot

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

Directory traversal vulnerability exists in A.K.I Software’s PMailServer/PMailServer2 products’ CGIs included in Internal Simple Webserver. If this vulnerability is exploited, a remote attacker may access arbitrary files outside DocumentRoot.

CNA Affected

[
  {
    "vendor": "A.K.I Software",
    "product": "pmman.exe (Standard edition)",
    "versions": [
      {
        "version": "2.5.1.12154 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "A.K.I Software",
    "product": "pmman.exe (Pro edition)",
    "versions": [
      {
        "version": "2.5.1.12155 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "A.K.I Software",
    "product": "pmman.exe (Standard + IMAP4 edition)",
    "versions": [
      {
        "version": "2.5.1.12156 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "A.K.I Software",
    "product": "pmman.exe (Pro + IMAP4 edition)",
    "versions": [
      {
        "version": "2.5.1.12157 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "A.K.I Software",
    "product": "pmman.exe (Enterprise edition)",
    "versions": [
      {
        "version": "2.5.1.12158 and earlier",
        "status": "affected"
      }
    ]
  }
]

References

akisoftware.com/Vulnerability202301.html

jvn.jp/en/jp/JVN92720882/