Back to KEVs

CVE-2023-45727

Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and...

Basic Information

CVE State: PUBLISHED
Reserved Date: October 11, 2023
Published Date: October 18, 2023
Last Updated: December 06, 2024
Vendor: North Grid Corporation
Product: Proself Enterprise/Standard Edition, Proself Gateway Edition, Proself Mail Sanitize Edition
Description: Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.

CVSS Scores

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (added 2024-12-03 00:00:00 UTC) Source

References

https://www.proself.jp/information/153/ https://jvn.jp/en/jp/JVN95981460/

Known Exploited Vulnerability Information

Source	Added Date
CISA	2024-12-03 00:00:00 UTC