CVE-2023-4595

An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:seattlelab:slmail:5.5.0.4433:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:35

Type Values Removed Values Added
References () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail - Third Party Advisory () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail - Third Party Advisory
CVSS v2 : unknown
v3 : 6.5
v2 : unknown
v3 : 7.5

29 Nov 2023, 21:23

Type Values Removed Values Added
References () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail - () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail - Third Party Advisory
CPE cpe:2.3:a:seattlelab:slmail:5.5.0.4433:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5

24 Nov 2023, 15:24

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-23 13:15

Updated : 2024-11-21 08:35


NVD link : CVE-2023-4595

Mitre link : CVE-2023-4595

CVE.ORG link : CVE-2023-4595


JSON object : View

Products Affected

seattlelab

  • slmail

microsoft

  • windows
CWE
CWE-538

Insertion of Sensitive Information into Externally-Accessible File or Directory