History: Mar 18, 2024 - 1:15 a.m.

CVE-2023-40747

2024-03-18 01:15:48
jpcert
web.nvd.nist.gov
Tags: cve, 2023, 40747, directory traversal, a.k.i software, pmailserver, pmailserver2, cgis, remote access

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 7
Confidence: Low

EPSS: 0
Percentile: 9.0%

A directory traversal vulnerability exists in the CGIs included in the Internal Simple Webserver of A.K.I Software’s PMailServer/PMailServer2 products. If this vulnerability is exploited, a remote attacker may access arbitrary files outside DocumentRoot.

Affected configurations

Vulners

Node
a.k.i_software | pmman.exe_\(standard_edition\) | Match | 2.5.1.12154
OR
a.k.i_software | pmman.exe_\(pro_edition\) | Match | 2.5.1.12155
OR
a.k.i_software | pmman.exe_\(standard_\+_imap4_edition\) | Match | 2.5.1.12156
OR
a.k.i_software | pmman.exe_\(pro_\+_imap4_edition\) | Match | 2.5.1.12157
OR
a.k.i_software | pmman.exe_\(enterprise_edition\) | Match | 2.5.1.12158

Vendor | Product | Version | CPE
a.k.i_software | pmman.exe_\(standard_edition\) | 2.5.1.12154 | cpe:2.3:a:a.k.i_software:pmman.exe_\(standard_edition\):2.5.1.12154:*:*:*:*:*:*:*
a.k.i_software | pmman.exe_\(pro_edition\) | 2.5.1.12155 | cpe:2.3:a:a.k.i_software:pmman.exe_\(pro_edition\):2.5.1.12155:*:*:*:*:*:*:*
a.k.i_software | pmman.exe_\(standard_\+_imap4_edition\) | 2.5.1.12156 | cpe:2.3:a:a.k.i_software:pmman.exe_\(standard_\+_imap4_edition\):2.5.1.12156:*:*:*:*:*:*:*
a.k.i_software | pmman.exe_\(pro_\+_imap4_edition\) | 2.5.1.12157 | cpe:2.3:a:a.k.i_software:pmman.exe_\(pro_\+_imap4_edition\):2.5.1.12157:*:*:*:*:*:*:*
a.k.i_software | pmman.exe_\(enterprise_edition\) | 2.5.1.12158 | cpe:2.3:a:a.k.i_software:pmman.exe_\(enterprise_edition\):2.5.1.12158:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "A.K.I Software",
    "product": "pmman.exe (Standard edition)",
    "versions": [
      {
        "version": "2.5.1.12154 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "A.K.I Software",
    "product": "pmman.exe (Pro edition)",
    "versions": [
      {
        "version": "2.5.1.12155 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "A.K.I Software",
    "product": "pmman.exe (Standard + IMAP4 edition)",
    "versions": [
      {
        "version": "2.5.1.12156 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "A.K.I Software",
    "product": "pmman.exe (Pro + IMAP4 edition)",
    "versions": [
      {
        "version": "2.5.1.12157 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "A.K.I Software",
    "product": "pmman.exe (Enterprise edition)",
    "versions": [
      {
        "version": "2.5.1.12158 and earlier",
        "status": "affected"
      }
    ]
  }
]
