Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveTwcertCVE-2022-40741
HistoryOct 31, 2022 - 7:15 a.m.

CVE-2022-40741

2022-10-3107:15:10
CWE-78
twcert
web.nvd.nist.gov
31
cve-2022-40741
mail sqr expert
filtering
remote attacker
arbitrary system command

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.003

Percentile

71.0%

JSON

Mail SQR Expert’s specific function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to perform arbitrary system command and disrupt service.

Affected configurations

Nvd
Node
softnextmail_sqr_expertMatch2dut.190301
VendorProductVersionCPE
softnextmail_sqr_expert2dut.190301cpe:2.3:a:softnext:mail_sqr_expert:2dut.190301:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "SOFTNEXT TECHNOLOGIES CORP.",
    "product": "Mail SQR Expert",
    "versions": [
      {
        "version": "2dut.190301",
        "status": "affected"
      }
    ]
  }
]

Related

prion 1
cvelist 1
nvd 1
prion
prion
Command injection
2022-10-31 07:15:00
cvelist
cvelist
CVE-2022-40741 SOFTNEXT TECHNOLOGIES CORP. Mail SQR Expert - Command Injection
2022-10-31 06:40:41
nvd
nvd
CVE-2022-40741
2022-10-31 07:15:10

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.003

Percentile

71.0%

JSON
Related for CVE-2022-40741
prion1cvelist1nvd1