Veracode Vulnerability Database, VERACODE:42590
History: Aug 07, 2023 - 2:18 a.m.

Email Spamming

2023-08-07 02:18:37
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
rdiffweb
email spamming
vulnerability
rate limit checks
page_pref_notification.py
organization

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

EPSS: 0.001
Percentile: 33.2%

rdiffweb is vulnerable to Email Spamming. The vulnerability exists because there are no rate limit checks in page_pref_notification.py, which allows an attacker to spam the victim’s mailbox, causing additional expenses for the organization.
