Back to KEVs

CVE-2023-45727

Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and...

Basic Information

CVE State: PUBLISHED
Reserved Date: October 11, 2023
Published Date: October 18, 2023
Last Updated: December 06, 2024
Vendor: North Grid Corporation
Product: Proself Enterprise/Standard Edition, Proself Gateway Edition, Proself Mail Sanitize Edition
Description: Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.
Tags

CVSS Scores

CVSS v3.1

7.5 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (2024-12-03 00:00:00 UTC) Source

References

https://www.proself.jp/information/153/ https://jvn.jp/en/jp/JVN95981460/

Known Exploited Vulnerability Information

Source	Added Date
CISA	2024-12-03 00:00:00 UTC

Timeline

CVE ID Reserved

October 11, 2023
CVE Published to Public

October 18, 2023
Added to KEVIntel

December 03, 2024