CVE-2023-45727

Summary

Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.

Affected Software

VendorProductVersion RangeStatus
North Grid CorporationProself Enterprise/Standard EditionVer5.62 and earlieraffected
North Grid CorporationProself Gateway EditionVer1.65 and earlieraffected
North Grid CorporationProself Mail Sanitize EditionVer1.08 and earlieraffected

Weaknesses

  • XML external entities (XXE)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: partial

Additional References

References