KEVIntel
CVSS 7.5 (High)

CVE-2023-45727

PUBLISHED


Exploited in the wild · Remote · Low complexity · No user interaction

Vendor: North Grid Corporation
Product: Proself Enterprise/Standard Edition, Proself Gateway Edition, Proself Mail Sanitize Edition
Published: Oct 18, 2023

Description

Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.


CVSS scores

CVSS v3.1 7.5 High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitation status

Exploited in the wild

Recorded 2024-12-03 00:00:00 UTC

SSVC decision points

Exploitation: active
Automatable: Yes
Technical impact: partial

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA Dec 03, 2024

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel