CVE-2024-6048

Openfind MailGates and MailAudit - OS Command Injection

CVSS 9.8 CRITICALEPSS 0.7%CWE-78

Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email attachments. An unauthenticated remote attacker can exploit this vulnerability to inject system commands and execute them on the remote server.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Openfind · MailAudit 5.0 Openfind · MailAudit 6.0 Openfind · MailGates 5.0 Openfind · MailGates 6.0

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.twcert.org.tw/en/cp-139-7886-20b61-2.html https://www.twcert.org.tw/tw/cp-132-7885-a8013-1.html