The email search interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2024-04-29T02:39:04.580Z

Updated: 2024-08-01T20:33:53.107Z

Reserved: 2024-04-29T01:47:09.033Z

Link: CVE-2024-4298

cve-icon Vulnrichment

Updated: 2024-08-01T20:33:53.107Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-29T03:15:09.810

Modified: 2024-07-03T21:15:04.183

Link: CVE-2024-4298

cve-icon Redhat

No data.