CVE-2020-23824

{"id": "CVE-2020-23824", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2020-09-11T21:15:11.797", "references": [{"url": "https://github.com/V1n1v131r4/CSRF-on-ArGoSoft-Mail-Server/blob/master/README.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/V1n1v131r4/CSRF-on-ArGoSoft-Mail-Server/blob/master/README.md", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credentials, if the admin/user admin opens a website with the malicious page that will run the CSRF."}, {"lang": "es", "value": "ArGo Soft Mail Server versi\u00f3n 1.8.8.9 est\u00e1 afectado por una vulnerabilidad de tipo Cross Site Request Forgery (CSRF) para realizar una ejecuci\u00f3n de c\u00f3digo arbitraria remota. El componente es el panel de administraci\u00f3n. Al usar credenciales admin/user, si el administrador admin/user abre un sitio web con la p\u00e1gina maliciosa que ejecutar\u00e1 el ataque de tipo CSRF"}], "lastModified": "2024-11-21T05:14:05.690", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:argosoft:mail_server:1.8.8.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9A83861-C040-4FA8-9E6D-3C00870081F6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}