Japan Vulnerability NotesJVN:92720882JVN#92720882: Multiple vulnerabilities in CGIs of PMailServer and PMailServer2
0.0004 Low
EPSS
Percentile
9.1%
CGIs included with PMailServer and PMailServer2 provided by A.K.I Software contain multiple vulnerabilities listed below.
Stored cross-site scripting vulnerability (CWE-79) - CVE-2023-39223
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.4 |
| CVSS v2 | AV:N/AC:L/Au:S/C:N/I:P/A:N | Base Score: 4.0 |
Insufficient verification vulnerability in Broadcast Mail CGI (pmc.exe) (CWE-434) - CVE-2023-39933
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | Base Score: 4.3 |
| CVSS v2 | AV:N/AC:L/Au:S/C:N/I:P/A:N | Base Score: 4.0 |
Directory traversal vulnerability in Mailing List Search CGI (pmmls.exe) (CWE-22) - CVE-2023-40160
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N | Base Score: 3.7 |
| CVSS v2 | AV:N/AC:M/Au:N/C:P/I:N/A:N | Base Score: 4.3 |
Directory traversal vulnerability in Internal Simple Webserver (CWE-22) - CVE-2023-40747
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | Base Score: 5.3 |
| CVSS v2 | AV:N/AC:L/Au:N/C:P/I:N/A:N | Base Score: 5.0 |
Impact
- An arbitrary script may be executed on a logged-in user’s web browser - CVE-2023-39223
- A user who can upload files through the product may execute an arbitrary excutable file with the web server’s execution privilege - CVE-2023-39933
- A remote attacker may obtain arbitrary files on the server - CVE-2023-40160
- A remote attacker may access arbitrary files outside DocumentRoot - CVE-2023-40747
Solution
For PMailServer2: Apply Update file
Apply Update file according to the information provided by the developer.
For PMailServer: Stop using the product’s CGIs or Switch to alternative products
The developer states that the affected products are no longer being developed, and Update files will not be provided.
The developer recommends stop using the product’s CGIs or switching to an alternative product “PMailServer2”.
Apply the Workarounds
The developer provides workarounds for these vulnerabilities.
For more information, please refer to the developer’s website (Text in Japanse).
Products Affected
- PMailServer Free edition
- This product is affected by CVE-2023-39223 (pmam.exe) only.
- PMailServer Version 1.91 and earlier
- Standard edition
- Pro edition
- Standard + IMAP4 edition
- Pro + IMAP4 edition
- PMailServer2 prior to Version 2.51a
- Standard edition
- Pro edition
- Standard + IMAP4 edition
- Pro + IMAP4 edition
- Enterprise edition
The following CGIs included with the above products are affected by the vulnerabilities.
- pmc.exe 2.5.1.720 and earlier
- pmam.exe 2.5.1.1411 and earlier
- pmmls.exe 2.5.1.561 and earlier
- pmum.exe (Standard edition) 2.5.1.25451 and earlier
- pmum.exe (Pro edition) 2.5.1.25452 and earlier
- pmum.exe (Standard + IMAP4 edition) 2.5.1.25453 and earlier
- pmum.exe (Pro + IMAP4 edition / Enterprise edition) 2.5.1.25454 and earlier
- pmman.exe (Standard edition) 2.5.1.12154 and earlier
- pmman.exe (Pro edition) 2.5.1.12155 and earlier
- pmman.exe (Standard + IMAP4 edition) 2.5.1.12156 and earlier
- pmman.exe (Pro + IMAP4 edition) 2.5.1.12157 and earlier
- pmman.exe (Enterprise edition) 2.5.1.12158 and earlier
- PMailServer Version 1.91 and earlier
Related
