{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-48378", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2023-11-16T03:49:45.972Z", "datePublished": "2023-12-15T08:01:09.434Z", "dateUpdated": "2024-10-08T14:16:25.159Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mail SQR Expert ", "vendor": "Softnext", "versions": [{"lessThanOrEqual": "230330", "status": "affected", "version": " ", "versionType": "custom"}]}], "datePublic": "2023-12-15T08:05:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files."}], "value": "Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files."}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2023-12-15T08:01:09.434Z"}, "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7596-648f3-1.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update version to  230430."}], "value": "Update version to\u00a0 230430."}], "source": {"advisory": "TVN-202312007", "discovery": "EXTERNAL"}, "title": "Softnext Mail SQR Expert - Path Traversal ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:30:35.021Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7596-648f3-1.html", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-08T14:16:13.885822Z", "id": "CVE-2023-48378", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T14:16:25.159Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7596-648f3-1.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:30:35.021Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-48378", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-08T14:16:13.885822Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T14:16:21.827Z"}}], "cna": {"title": "Softnext Mail SQR Expert - Path Traversal ", "source": {"advisory": "TVN-202312007", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Softnext", "product": "Mail SQR Expert ", "versions": [{"status": "affected", "version": " ", "versionType": "custom", "lessThanOrEqual": "230330"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update version to\u00a0 230430.", "supportingMedia": [{"type": "text/html", "value": "Update version to  230430.", "base64": false}]}], "datePublic": "2023-12-15T08:05:00.000Z", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7596-648f3-1.html"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.", "supportingMedia": [{"type": "text/html", "value": "Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2023-12-15T08:01:09.434Z"}}}, "cveMetadata": {"cveId": "CVE-2023-48378", "state": "PUBLISHED", "dateUpdated": "2024-10-08T14:16:25.159Z", "dateReserved": "2023-11-16T03:49:45.972Z", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "datePublished": "2023-12-15T08:01:09.434Z", "assignerShortName": "twcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:softnext:mail_sqr_expert:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDCE076E-BA94-4BFF-8FD9-4E08B4A6392F", "versionEndIncluding": "230330", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files."}, {"lang": "es", "value": "Softnext Mail SQR Expert tiene una vulnerabilidad de path traversal dentro de su par\u00e1metro en una URL espec\u00edfica. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad para eludir la autenticaci\u00f3n y descargar archivos arbitrarios del sistema."}], "id": "CVE-2023-48378", "lastModified": "2024-11-21T08:31:36.000", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2023-12-15T08:15:45.547", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-7596-648f3-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-7596-648f3-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "twcert@cert.org.tw", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}