CVE-2024-6048

Openfind MailGates and MailAudit - OS Command Injection

CVSS 9.8 CRITICALEPSS 0.7%CWE-78

Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email attachments. An unauthenticated remote attacker can exploit this vulnerability to inject system commands and execute them on the remote server.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

Openfind · MailAudit 5.0 Openfind · MailAudit 6.0 Openfind · MailGates 5.0 Openfind · MailGates 6.0

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.twcert.org.tw/en/cp-139-7886-20b61-2.html https://www.twcert.org.tw/tw/cp-132-7885-a8013-1.html