CVE-2023-45727
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| North Grid Corporation | Proself Enterprise/Standard Edition | Ver5.62 and earlier | affected |
| North Grid Corporation | Proself Gateway Edition | Ver1.65 and earlier | affected |
| North Grid Corporation | Proself Mail Sanitize Edition | Ver1.08 and earlier | affected |
Weaknesses
- XML external entities (XXE)
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: yes
- Technical Impact: partial
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.