The email search interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: twcert
Published: 2024-04-29T02:39:04.580Z
Updated: 2024-08-01T20:33:53.107Z
Reserved: 2024-04-29T01:47:09.033Z
Link: CVE-2024-4298
Vulnrichment
Updated: 2024-08-01T20:33:53.107Z
NVD
Status : Awaiting Analysis
Published: 2024-04-29T03:15:09.810
Modified: 2024-07-03T21:15:04.183
Link: CVE-2024-4298
Redhat
No data.