CVE-2024-5399

Summary

Openfind Mail2000 does not properly filter parameters of specific API. Remote attackers with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the remote server.

Affected Software

VendorProductVersion RangeStatus
OpenfindMail2000 V7.0Patch 55 < Patch 124affected
OpenfindMail2000 V8.0earlier < Patch 31affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References