Lucene search
TwcertCVELIST:CVE-2024-5670HistoryJul 29, 2024 - 2:23 a.m.
CVE-2024-5670 Softnext Mail SQR Expert and Mail Archiving Expert - OS Command Injection
2024-07-2902:23:20
CWE-78
twcert
www.cve.org
3
cve-2024-5670
softnext
mail sqr expert
mail archiving expert
os command injection
web services
remote attackers
user input validation
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
38.8%
The web services of Softnext’s products, Mail SQR Expert and Mail Archiving Expert do not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the remote server.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "SN OS 12.1",
"vendor": "Softnext",
"versions": [
{
"lessThan": "230922",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SN OS 12.3",
"vendor": "Softnext",
"versions": [
{
"lessThan": "230922",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SN OS 10.3",
"vendor": "Softnext",
"versions": [
{
"lessThan": "230631",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2024-5670
2024-07-29 03:15:02
vulnrichment
vulnrichment
cve
cve
CVE-2024-5670
2024-07-29 03:15:02
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
38.8%
Related for CVELIST:CVE-2024-5670