Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands.
References
| Link | Resource |
|---|---|
| https://pastebin.com/ahLNMf5n | Third Party Advisory |
| https://www.mailenable.com/kb/content/article.asp?ID=ME020737 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
23 Jan 2023, 18:27
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-22 | |
| References | (MISC) https://www.mailenable.com/kb/content/article.asp?ID=ME020737 - Vendor Advisory | |
| References | (MISC) https://pastebin.com/ahLNMf5n - Third Party Advisory | |
| CPE | cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise:*:*:* cpe:2.3:a:mailenable:mailenable:*:*:*:*:professional:*:*:* cpe:2.3:a:mailenable:mailenable:*:*:*:*:standard:*:*:* cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise_premium:*:*:* |
|
| First Time |
Mailenable mailenable
Mailenable |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
13 Jan 2023, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-01-13 21:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-42136
Mitre link : CVE-2022-42136
CVE.ORG link : CVE-2022-42136
JSON object : View
Products Affected
mailenable
- mailenable
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')