The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2024-04-29T03:15:18.038Z

Updated: 2024-08-01T20:33:53.021Z

Reserved: 2024-04-29T01:47:10.212Z

Link: CVE-2024-4299

cve-icon Vulnrichment

Updated: 2024-08-01T20:33:53.021Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-29T04:15:08.623

Modified: 2024-11-21T09:42:34.330

Link: CVE-2024-4299

cve-icon Redhat

No data.