CVE-2023-4595

Summary

An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca.

Affected Software

VendorProductVersion RangeStatus
BVRP SoftwareSLmail5.5.0.4433affected

Weaknesses

  • CWE-538: CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory

ADP Enrichment

CVE Program Container

Additional References

References