Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2020-25848
HistoryDec 31, 2020 - 8:15 a.m.

CVE-2020-25848

2020-12-3108:15:13
CWE-287
[email protected]
web.nvd.nist.gov
5
cve-2020-25848
mailsherlock
weak authentication
default password
privilege
remote access
flaw

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.003

Percentile

70.1%

JSON

HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism.

Affected configurations

Nvd
Node
hgigamsr45_isherlock-antispamRange<4.5-130
OR
hgigamsr45_isherlock-auditRange<4.5-143
OR
hgigamsr45_isherlock-baseRange<4.5-243
OR
hgigamsr45_isherlock-userRange<4.5-114
OR
hgigamsr45_isherlock-useradminRange<4.5-122
OR
hgigassr45_isherlock-antispamRange<4.5-130
OR
hgigassr45_isherlock-auditRange<4.5-143
OR
hgigassr45_isherlock-baseRange<4.5-243
OR
hgigassr45_isherlock-userRange<4.5-114
OR
hgigassr45_isherlock-useradminRange<4.5-112
VendorProductVersionCPE
hgigamsr45_isherlock-antispam*cpe:2.3:a:hgiga:msr45_isherlock-antispam:*:*:*:*:*:*:*:*
hgigamsr45_isherlock-audit*cpe:2.3:a:hgiga:msr45_isherlock-audit:*:*:*:*:*:*:*:*
hgigamsr45_isherlock-base*cpe:2.3:a:hgiga:msr45_isherlock-base:*:*:*:*:*:*:*:*
hgigamsr45_isherlock-user*cpe:2.3:a:hgiga:msr45_isherlock-user:*:*:*:*:*:*:*:*
hgigamsr45_isherlock-useradmin*cpe:2.3:a:hgiga:msr45_isherlock-useradmin:*:*:*:*:*:*:*:*
hgigassr45_isherlock-antispam*cpe:2.3:a:hgiga:ssr45_isherlock-antispam:*:*:*:*:*:*:*:*
hgigassr45_isherlock-audit*cpe:2.3:a:hgiga:ssr45_isherlock-audit:*:*:*:*:*:*:*:*
hgigassr45_isherlock-base*cpe:2.3:a:hgiga:ssr45_isherlock-base:*:*:*:*:*:*:*:*
hgigassr45_isherlock-user*cpe:2.3:a:hgiga:ssr45_isherlock-user:*:*:*:*:*:*:*:*
hgigassr45_isherlock-useradmin*cpe:2.3:a:hgiga:ssr45_isherlock-useradmin:*:*:*:*:*:*:*:*

Related

cve 1
prion 1
cvelist 1
cve
cve
CVE-2020-25848
2020-12-31 08:15:13
prion
prion
Default credentials
2020-12-31 08:15:00
cvelist
cvelist
CVE-2020-25848 HGiga MailSherlock - Broken Authentication
2020-12-31 07:45:48

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.003

Percentile

70.1%

JSON
Related for NVD:CVE-2020-25848
cve1prion1cvelist1