{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-42136", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-04-07T18:57:17.268Z", "dateReserved": "2022-10-03T00:00:00.000Z", "datePublished": "2023-01-13T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-01-13T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.mailenable.com/kb/content/article.asp?ID=ME020737"}, {"url": "https://pastebin.com/ahLNMf5n"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:03:45.370Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.mailenable.com/kb/content/article.asp?ID=ME020737", "tags": ["x_transferred"]}, {"url": "https://pastebin.com/ahLNMf5n", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-07T18:56:43.334542Z", "id": "CVE-2022-42136", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-07T18:57:17.268Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.mailenable.com/kb/content/article.asp?ID=ME020737", "tags": ["x_transferred"]}, {"url": "https://pastebin.com/ahLNMf5n", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:03:45.370Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-42136", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-07T18:56:43.334542Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-07T18:57:10.734Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.mailenable.com/kb/content/article.asp?ID=ME020737"}, {"url": "https://pastebin.com/ahLNMf5n"}], "descriptions": [{"lang": "en", "value": "Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-01-13T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-42136", "state": "PUBLISHED", "dateUpdated": "2025-04-07T18:57:17.268Z", "dateReserved": "2022-10-03T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-01-13T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "0BD1DC6B-569B-4A68-A940-8DD7D46B0EC7", "versionEndExcluding": "8.66", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise_premium:*:*:*", "matchCriteriaId": "F00FBB02-0396-48FD-A212-B8AA0EED5EB1", "versionEndExcluding": "8.66", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable:*:*:*:*:professional:*:*:*", "matchCriteriaId": "04012D59-A1A5-4E0D-9D09-B916DF4109C7", "versionEndExcluding": "8.66", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable:*:*:*:*:standard:*:*:*", "matchCriteriaId": "236A06C3-A366-46E8-AA7A-6BB0076B747F", "versionEndExcluding": "8.66", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "FB5FA14B-9800-4944-914B-6F5EC3AFE2D3", "versionEndExcluding": "9.85", "versionStartIncluding": "9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise_premium:*:*:*", "matchCriteriaId": "4335FB0F-3311-4DB4-82F7-A1951FD2972C", "versionEndExcluding": "9.85", "versionStartIncluding": "9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable:*:*:*:*:professional:*:*:*", "matchCriteriaId": "12E681AC-2B1C-4848-A7F3-D32412F971E5", "versionEndExcluding": "9.85", "versionStartIncluding": "9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable:*:*:*:*:standard:*:*:*", "matchCriteriaId": "9DAB75C2-9F57-4E54-80EC-B69147E619D1", "versionEndExcluding": "9.85", "versionStartIncluding": "9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "7BF6CDCE-2212-49CF-ADA1-F066D126B970", "versionEndExcluding": "10.42", "versionStartIncluding": "10.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise_premium:*:*:*", "matchCriteriaId": "DD783D53-EEA4-4DBC-B105-E224E4AE978B", "versionEndExcluding": "10.42", "versionStartIncluding": "10.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable:*:*:*:*:professional:*:*:*", "matchCriteriaId": "DE07E64E-C8C4-40D7-AF5D-54C684CF29C8", "versionEndExcluding": "10.42", "versionStartIncluding": "10.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable:*:*:*:*:standard:*:*:*", "matchCriteriaId": "D2D9F41A-E2A3-495C-90A7-F56104291EDA", "versionEndExcluding": "10.42", "versionStartIncluding": "10.00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands."}, {"lang": "es", "value": "Los usuarios de correo autenticados, en circunstancias espec\u00edficas, pod\u00edan agregar archivos con contenido no desinfectado en carpetas p\u00fablicas a las que el usuario de IIS ten\u00eda permiso para acceder. Esa acci\u00f3n podr\u00eda llevar a un atacante a almacenar c\u00f3digo arbitrario en esos archivos y ejecutar comandos RCE."}], "id": "CVE-2022-42136", "lastModified": "2025-04-07T19:15:43.457", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-01-13T21:15:15.523", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://pastebin.com/ahLNMf5n"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.mailenable.com/kb/content/article.asp?ID=ME020737"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://pastebin.com/ahLNMf5n"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mailenable.com/kb/content/article.asp?ID=ME020737"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}