CVE-2024-4296

Published Apr 29, 2024

Last updated 3 months ago

CVSS medium 4.9

Overview

Description
The account management interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files.
Source
twcert@cert.org.tw
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.9
Impact score
3.6
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

twcert@cert.org.tw
CWE-22

Social media

Hype score
Not currently trending

References