CVE-2024-6048

Summary

Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email attachments. An unauthenticated remote attacker can exploit this vulnerability to inject system commands and execute them on the remote server.

Affected Software

VendorProductVersion RangeStatus
OpenfindMailGates 5.0earlier < Patch 5.2.10.094affected
OpenfindMailAudit 5.0earlier < Patch 5.2.10.094affected
OpenfindMailGates 6.0earlier < Patch 6.1.7.037affected
OpenfindMailAudit 6.0earlier < Patch 6.1.7.037affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References