An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca.
References
Link | Resource |
---|---|
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail | Third Party Advisory |
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 08:35
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
29 Nov 2023, 21:23
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail - Third Party Advisory | |
CPE | cpe:2.3:a:seattlelab:slmail:5.5.0.4433:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
24 Nov 2023, 15:24
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-23 13:15
Updated : 2024-11-21 08:35
NVD link : CVE-2023-4595
Mitre link : CVE-2023-4595
CVE.ORG link : CVE-2023-4595
JSON object : View
Products Affected
seattlelab
- slmail
microsoft
- windows
CWE
CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory