CVE-2024-6048

Openfind MailGates and MailAudit - OS Command Injection

CVSS 9.8 CRITICALEPSS 0.7%CWE-78

Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email attachments. An unauthenticated remote attacker can exploit this vulnerability to inject system commands and execute them on the remote server.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

Openfind · MailAudit 5.0 Openfind · MailAudit 6.0 Openfind · MailGates 5.0 Openfind · MailGates 6.0

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.twcert.org.tw/en/cp-139-7886-20b61-2.html https://www.twcert.org.tw/tw/cp-132-7885-a8013-1.html