Lucene search

[email protected]NVD:CVE-2023-40779

HistorySep 14, 2023 - 6:15 p.m.

CVE-2023-40779

2023-09-1418:15:09

CWE-601

[email protected]

web.nvd.nist.gov

icewarp mail server

deep castle 2

remote code execution

crafted request

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.6

Confidence

High

EPSS

0.124

Percentile

95.5%

JSON

An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL.

Affected configurations

Nvd

Node

icewarpdeep_castle_g2Match13.0.1.2

VendorProductVersionCPE
icewarpdeep_castle_g213.0.1.2cpe:2.3:a:icewarp:deep_castle_g2:13.0.1.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
icewarp	deep_castle_g2	13.0.1.2	cpe:2.3:a:icewarp:deep_castle_g2:13.0.1.2:::::::*

References

medium.com/%40muthumohanprasath.r/open-redirection-vulnerability-on-icewarp-webclient-product-cve-2023-40779-61176503710

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.6

Confidence

High

EPSS

0.124

Percentile

95.5%

JSON

Related for NVD:CVE-2023-40779

cve1 cvelist1 prion1 nuclei1 vulnrichment1