The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: twcert
Published: 2024-04-29T03:15:18.038Z
Updated: 2024-08-01T20:33:53.021Z
Reserved: 2024-04-29T01:47:10.212Z
Link: CVE-2024-4299
Vulnrichment
Updated: 2024-08-01T20:33:53.021Z
NVD
Status : Awaiting Analysis
Published: 2024-04-29T04:15:08.623
Modified: 2024-11-21T09:42:34.330
Link: CVE-2024-4299
Redhat
No data.