
16 vulnerabilities found for MailSherlock MSR45/SSR45 by HGiga

CVE-2021-22848 (GCVE-0-2021-22848)

Vulnerability from nvd – Published: 2021-03-18 04:35 – Updated: 2024-09-16 20:57
Title
HGiga MailSherlock - SQL Injection-2
Summary
HGiga MailSherlock contains a SQL Injection. Remote attackers can inject SQL syntax and execute SQL commands in a URL parameter of email pages without privilege.
CWE
Assigner
References
Impacted products
Vendor Product Version
HGiga MailSherlock MSR45/SSR45 Affected: iSherlock-user-4.5 , < 120 (custom)
Affected: iSherlock-antispam-4.5 , < 133 (custom)
Date Public ?
2021-03-18 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:51:07.527Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-4521-a4fd8-1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "120",
              "status": "affected",
              "version": "iSherlock-user-4.5",
              "versionType": "custom"
            },
            {
              "lessThan": "133",
              "status": "affected",
              "version": "iSherlock-antispam-4.5",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-03-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HGiga MailSherlock contains a SQL Injection. Remote attackers can inject SQL syntax and execute SQL commands in a URL parameter of email pages without privilege."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-18T04:35:21.000Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-4521-a4fd8-1.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "MailSherlock MSR45/SSR45\nModule: iSherlock-user-4.5-120.i386.rpm and iSherlock-antispam-4.5-133.i386.rpm"
        }
      ],
      "source": {
        "advisory": "TVN-202101012",
        "discovery": "EXTERNAL"
      },
      "title": "HGiga MailSherlock - SQL Injection-2",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2021-03-18T04:30:00.000Z",
          "ID": "CVE-2021-22848",
          "STATE": "PUBLIC",
          "TITLE": "HGiga MailSherlock - SQL Injection-2"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MailSherlock MSR45/SSR45",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "iSherlock-user-4.5",
                            "version_value": "120"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "iSherlock-antispam-4.5",
                            "version_value": "133"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HGiga"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HGiga MailSherlock contains a SQL Injection. Remote attackers can inject SQL syntax and execute SQL commands in a URL parameter of email pages without privilege."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/tw/cp-132-4521-a4fd8-1.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/tw/cp-132-4521-a4fd8-1.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "MailSherlock MSR45/SSR45\nModule: iSherlock-user-4.5-120.i386.rpm and iSherlock-antispam-4.5-133.i386.rpm"
          }
        ],
        "source": {
          "advisory": "TVN-202101012",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2021-22848",
    "datePublished": "2021-03-18T04:35:21.791Z",
    "dateReserved": "2021-01-06T00:00:00.000Z",
    "dateUpdated": "2024-09-16T20:57:24.152Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-35851 (GCVE-0-2020-35851)

Vulnerability from nvd – Published: 2020-12-31 07:45 – Updated: 2024-09-17 04:25
Title
HGiga MailSherlock - Command Injection
Summary
HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks remotely and execute arbitrary commands of the system.
CWE
  • CWE-78 - OS Command Injection
Assigner
References
Impacted products
Vendor Product Version
HGiga MailSherlock MSR45/SSR45 Affected: unspecified , < 115 (custom) — platform: iSherlock-user-4.5
Date Public ?
2020-12-31 00:00
Credits
Robin Tung, Dio Lin of CHT Security Co., Ltd.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:16:13.138Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/en/cp-139-4264-f10f4-2.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "iSherlock-user-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "115",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Robin Tung, Dio Lin of CHT Security Co., Ltd."
        }
      ],
      "datePublic": "2020-12-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks remotely and execute arbitrary commands of the system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-31T07:45:52.000Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/en/cp-139-4264-f10f4-2.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update MailSherlock MSR45/SSR45 Module to iSherlock-user-4.5-115.i386.rpm"
        }
      ],
      "source": {
        "advisory": "TVN-202011002",
        "discovery": "EXTERNAL"
      },
      "title": "HGiga MailSherlock - Command Injection",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2020-12-31T05:00:00.000Z",
          "ID": "CVE-2020-35851",
          "STATE": "PUBLIC",
          "TITLE": "HGiga MailSherlock - Command Injection"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MailSherlock MSR45/SSR45",
                      "version": {
                        "version_data": [
                          {
                            "platform": "iSherlock-user-4.5",
                            "version_affected": "\u003c",
                            "version_value": "115"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HGiga"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Robin Tung, Dio Lin of CHT Security Co., Ltd."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks remotely and execute arbitrary commands of the system."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78 OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/en/cp-139-4264-f10f4-2.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/en/cp-139-4264-f10f4-2.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update MailSherlock MSR45/SSR45 Module to iSherlock-user-4.5-115.i386.rpm"
          }
        ],
        "source": {
          "advisory": "TVN-202011002",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2020-35851",
    "datePublished": "2020-12-31T07:45:52.468Z",
    "dateReserved": "2020-12-30T00:00:00.000Z",
    "dateUpdated": "2024-09-17T04:25:22.980Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-35743 (GCVE-0-2020-35743)

Vulnerability from nvd – Published: 2020-12-31 07:45 – Updated: 2024-09-17 02:37
Title
HGiga MailSherlock - SQL Injection -3
Summary
HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages.
CWE
Assigner
References
Impacted products
Vendor Product Version
HGiga MailSherlock MSR45/SSR45 Affected: unspecified , < 120 (custom) — platform: iSherlock-user-4.5
    HGiga MailSherlock MSR45/SSR45 Affected: unspecified , < 133 (custom) — platform: iSherlock-antispam-4.5
Date Public ?
2020-12-31 00:00
Credits
Robin Tung, Dio Lin of CHT Security Co., Ltd.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:09:15.204Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-4262-03785-1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "iSherlock-user-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "120",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "iSherlock-antispam-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "133",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Robin Tung, Dio Lin of CHT Security Co., Ltd."
        }
      ],
      "datePublic": "2020-12-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-31T07:45:51.000Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-4262-03785-1.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update MailSherlock MSR45/SSR45 Module to:\niSherlock-user-4.5-120.i386.rpm\niSherlock-antispam-4.5-133.i386.rpm"
        }
      ],
      "source": {
        "advisory": "TVN-202011008",
        "discovery": "EXTERNAL"
      },
      "title": "HGiga MailSherlock - SQL Injection -3",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2020-12-31T05:00:00.000Z",
          "ID": "CVE-2020-35743",
          "STATE": "PUBLIC",
          "TITLE": "HGiga MailSherlock - SQL Injection -3"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MailSherlock MSR45/SSR45",
                      "version": {
                        "version_data": [
                          {
                            "platform": "iSherlock-user-4.5",
                            "version_affected": "\u003c",
                            "version_value": "120"
                          },
                          {
                            "platform": "iSherlock-antispam-4.5",
                            "version_affected": "\u003c",
                            "version_value": "133"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HGiga"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Robin Tung, Dio Lin of CHT Security Co., Ltd."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/tw/cp-132-4262-03785-1.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/tw/cp-132-4262-03785-1.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update MailSherlock MSR45/SSR45 Module to:\niSherlock-user-4.5-120.i386.rpm\niSherlock-antispam-4.5-133.i386.rpm"
          }
        ],
        "source": {
          "advisory": "TVN-202011008",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2020-35743",
    "datePublished": "2020-12-31T07:45:51.808Z",
    "dateReserved": "2020-12-28T00:00:00.000Z",
    "dateUpdated": "2024-09-17T02:37:09.672Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-35742 (GCVE-0-2020-35742)

Vulnerability from nvd – Published: 2020-12-31 07:45 – Updated: 2024-09-16 18:03
Title
HGiga MailSherlock - SQL Injection -1
Summary
HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter.
CWE
Assigner
References
Impacted products
Vendor Product Version
HGiga MailSherlock MSR45/SSR45 Affected: unspecified , < 120 (custom) — platform: iSherlock-user-4.5
    HGiga MailSherlock MSR45/SSR45 Affected: unspecified , < 133 (custom) — platform: iSherlock-antispam-4.5
Date Public ?
2020-12-31 00:00
Credits
Robin Tung, Dio Lin of CHT Security Co., Ltd.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:09:15.146Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-4261-d5379-1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "iSherlock-user-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "120",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "iSherlock-antispam-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "133",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Robin Tung, Dio Lin of CHT Security Co., Ltd."
        }
      ],
      "datePublic": "2020-12-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-31T07:45:51.000Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-4261-d5379-1.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update MailSherlock MSR45/SSR45 Module to:\niSherlock-user-4.5-120.i386.rpm\niSherlock-antispam-4.5-133.i386.rpm"
        }
      ],
      "source": {
        "advisory": "TVN-202011006",
        "discovery": "EXTERNAL"
      },
      "title": "HGiga MailSherlock - SQL Injection -1",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2020-12-31T05:00:00.000Z",
          "ID": "CVE-2020-35742",
          "STATE": "PUBLIC",
          "TITLE": "HGiga MailSherlock - SQL Injection -1"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MailSherlock MSR45/SSR45",
                      "version": {
                        "version_data": [
                          {
                            "platform": "iSherlock-user-4.5",
                            "version_affected": "\u003c",
                            "version_value": "120"
                          },
                          {
                            "platform": "iSherlock-antispam-4.5",
                            "version_affected": "\u003c",
                            "version_value": "133"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HGiga"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Robin Tung, Dio Lin of CHT Security Co., Ltd."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/tw/cp-132-4261-d5379-1.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/tw/cp-132-4261-d5379-1.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update MailSherlock MSR45/SSR45 Module to:\niSherlock-user-4.5-120.i386.rpm\niSherlock-antispam-4.5-133.i386.rpm"
          }
        ],
        "source": {
          "advisory": "TVN-202011006",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2020-35742",
    "datePublished": "2020-12-31T07:45:51.201Z",
    "dateReserved": "2020-12-28T00:00:00.000Z",
    "dateUpdated": "2024-09-16T18:03:00.267Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-35741 (GCVE-0-2020-35741)

Vulnerability from nvd – Published: 2020-12-31 07:45 – Updated: 2024-09-16 22:55
Title
HGiga MailSherlock - XSS -2
Summary
HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks.
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Assigner
References
Impacted products
Vendor Product Version
HGiga MailSherlock MSR45/SSR45 Affected: unspecified , < 120 (custom) — platform: iSherlock-user-4.5
    HGiga MailSherlock MSR45/SSR45 Affected: unspecified , < 133 (custom) — platform: iSherlock-antispam-4.5
Date Public ?
2020-12-31 00:00
Credits
Robin Tung, Dio Lin of CHT Security Co., Ltd.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:09:15.252Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-4260-ba376-1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "iSherlock-user-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "120",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "iSherlock-antispam-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "133",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Robin Tung, Dio Lin of CHT Security Co., Ltd."
        }
      ],
      "datePublic": "2020-12-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-31T07:45:50.000Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-4260-ba376-1.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update MailSherlock MSR45/SSR45 Module to:\niSherlock-user-4.5-120.i386.rpm\niSherlock-antispam-4.5-133.i386.rpm"
        }
      ],
      "source": {
        "advisory": "TVN-202011005",
        "discovery": "EXTERNAL"
      },
      "title": "HGiga MailSherlock - XSS -2",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2020-12-31T05:00:00.000Z",
          "ID": "CVE-2020-35741",
          "STATE": "PUBLIC",
          "TITLE": "HGiga MailSherlock - XSS -2"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MailSherlock MSR45/SSR45",
                      "version": {
                        "version_data": [
                          {
                            "platform": "iSherlock-user-4.5",
                            "version_affected": "\u003c",
                            "version_value": "120"
                          },
                          {
                            "platform": "iSherlock-antispam-4.5",
                            "version_affected": "\u003c",
                            "version_value": "133"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HGiga"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Robin Tung, Dio Lin of CHT Security Co., Ltd."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/tw/cp-132-4260-ba376-1.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/tw/cp-132-4260-ba376-1.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update MailSherlock MSR45/SSR45 Module to:\niSherlock-user-4.5-120.i386.rpm\niSherlock-antispam-4.5-133.i386.rpm"
          }
        ],
        "source": {
          "advisory": "TVN-202011005",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2020-35741",
    "datePublished": "2020-12-31T07:45:50.593Z",
    "dateReserved": "2020-12-28T00:00:00.000Z",
    "dateUpdated": "2024-09-16T22:55:57.902Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-35740 (GCVE-0-2020-35740)

Vulnerability from nvd – Published: 2020-12-31 07:45 – Updated: 2024-09-16 23:36
Title
HGiga MailSherlock - XSS -1
Summary
HGiga MailSherlock does not properly validate specific URL parameters, which allows attackers to inject JavaScript syntax for XSS attacks.
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Assigner
References
Impacted products
Vendor Product Version
HGiga MailSherlock MSR45/SSR45 Affected: unspecified , < 120 (custom), platform iSherlock-user-4.5
    HGiga MailSherlock MSR45/SSR45 Affected: unspecified , < 133 (custom), platform iSherlock-antispam-4.5
Date Public ?
2020-12-31 00:00
Credits
Robin Tung, Dio Lin of CHT Security Co., Ltd.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:09:15.246Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-4259-90f23-1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "iSherlock-user-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "120",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "iSherlock-antispam-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "133",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Robin Tung, Dio Lin of CHT Security Co., Ltd."
        }
      ],
      "datePublic": "2020-12-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-31T07:45:49.000Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-4259-90f23-1.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update MailSherlock MSR45/SSR45 Module to:\niSherlock-user-4.5-120.i386.rpm\niSherlock-antispam-4.5-133.i386.rpm"
        }
      ],
      "source": {
        "advisory": "TVN-202011004",
        "discovery": "EXTERNAL"
      },
      "title": "HGiga MailSherlock - XSS -1",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2020-12-31T05:00:00.000Z",
          "ID": "CVE-2020-35740",
          "STATE": "PUBLIC",
          "TITLE": "HGiga MailSherlock - XSS -1"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MailSherlock MSR45/SSR45",
                      "version": {
                        "version_data": [
                          {
                            "platform": "iSherlock-user-4.5",
                            "version_affected": "\u003c",
                            "version_value": "120"
                          },
                          {
                            "platform": "iSherlock-antispam-4.5",
                            "version_affected": "\u003c",
                            "version_value": "133"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HGiga"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Robin Tung, Dio Lin of CHT Security Co., Ltd."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/tw/cp-132-4259-90f23-1.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/tw/cp-132-4259-90f23-1.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update MailSherlock MSR45/SSR45 Module to:\niSherlock-user-4.5-120.i386.rpm\niSherlock-antispam-4.5-133.i386.rpm"
          }
        ],
        "source": {
          "advisory": "TVN-202011004",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2020-35740",
    "datePublished": "2020-12-31T07:45:49.988Z",
    "dateReserved": "2020-12-28T00:00:00.000Z",
    "dateUpdated": "2024-09-16T23:36:40.227Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-25850 (GCVE-0-2020-25850)

Vulnerability from nvd – Published: 2020-12-31 07:45 – Updated: 2024-09-16 20:36
Title
HGiga MailSherlock - Arbitrary File Download
Summary
The "view the source code" function of HGiga MailSherlock does not validate specific characters. Remote attackers can use this flaw to download arbitrary system files.
CWE
  • Arbitrary File Download
Assigner
References
Impacted products
Vendor Product Version
HGiga MailSherlock MSR45/SSR45 Affected: unspecified , < 117 (custom), platform iSherlock-user-4.5
Date Public ?
2020-12-31 00:00
Credits
Robin Tung, Dio Lin of CHT Security Co., Ltd.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:49:05.969Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-4258-0a8a0-1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "iSherlock-user-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "117",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Robin Tung, Dio Lin of CHT Security Co., Ltd."
        }
      ],
      "datePublic": "2020-12-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The function, view the source code, of HGiga MailSherlock does not validate specific characters. Remote attackers can use this flaw to download arbitrary system files."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Arbitrary File Download",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-31T07:45:49.000Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-4258-0a8a0-1.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update MailSherlock MSR45/SSR45 Module to iSherlock-user-4.5-117.i386.rpm"
        }
      ],
      "source": {
        "advisory": "TVN-202011003",
        "discovery": "EXTERNAL"
      },
      "title": "HGiga MailSherlock - Arbitrary File Download",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2020-12-31T05:00:00.000Z",
          "ID": "CVE-2020-25850",
          "STATE": "PUBLIC",
          "TITLE": "HGiga MailSherlock - Arbitrary File Download"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MailSherlock MSR45/SSR45",
                      "version": {
                        "version_data": [
                          {
                            "platform": "iSherlock-user-4.5",
                            "version_affected": "\u003c",
                            "version_value": "117"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HGiga"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Robin Tung, Dio Lin of CHT Security Co., Ltd."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The function, view the source code, of HGiga MailSherlock does not validate specific characters. Remote attackers can use this flaw to download arbitrary system files."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Arbitrary File Download"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/tw/cp-132-4258-0a8a0-1.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/tw/cp-132-4258-0a8a0-1.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update MailSherlock MSR45/SSR45 Module to iSherlock-user-4.5-117.i386.rpm"
          }
        ],
        "source": {
          "advisory": "TVN-202011003",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2020-25850",
    "datePublished": "2020-12-31T07:45:49.379Z",
    "dateReserved": "2020-09-23T00:00:00.000Z",
    "dateUpdated": "2024-09-16T20:36:52.413Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-25848 (GCVE-0-2020-25848)

Vulnerability from nvd – Published: 2020-12-31 07:45 – Updated: 2024-09-17 00:11
Title
HGiga MailSherlock - Broken Authentication
Summary
HGiga MailSherlock contains a weak authentication flaw that lets remote attackers gain privileges through the default password generation mechanism.
CWE
  • Broken Authentication
Assigner
References
Impacted products
Vendor Product Version
HGiga MailSherlock MSR45/SSR45 Affected: unspecified , < 243 (custom), platform iSherlock-base-4.5
    HGiga MailSherlock MSR45/SSR45 Affected: unspecified , < 114 (custom), platform iSherlock-user-4.5
    HGiga MailSherlock MSR45/SSR45 Affected: unspecified , < 122 (custom), platform iSherlock-useradmin-4.5
    HGiga MailSherlock MSR45/SSR45 Affected: unspecified , < 143 (custom), platform iSherlock-audit-4.5
    HGiga MailSherlock MSR45/SSR45 Affected: unspecified , < 130 (custom), platform iSherlock-antispam-4.5
Date Public ?
2020-12-31 00:00
Credits
Robin Tung, Dio Lin of CHT Security Co., Ltd.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:49:05.445Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-4256-cfc5a-1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "iSherlock-base-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "243",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "iSherlock-user-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "114",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "iSherlock-useradmin-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "122",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "iSherlock-audit-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "143",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "iSherlock-antispam-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "130",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Robin Tung, Dio Lin of CHT Security Co., Ltd."
        }
      ],
      "datePublic": "2020-12-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Broken Authentication",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-31T07:45:48.000Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-4256-cfc5a-1.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update MailSherlock MSR45/SSR45 Module to:\niSherlock-base-4.5-243.i386.rpm\t\niSherlock-user-4.5-114.i386.rpm\niSherlock-useradmin-4.5-122.i386.rpm\niSherlock-audit-4.5-143.i386.rpm\niSherlock-antispam-4.5-130.i386.rpm"
        }
      ],
      "source": {
        "advisory": "TVN-202011001",
        "discovery": "EXTERNAL"
      },
      "title": "HGiga MailSherlock - Broken Authentication",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2020-12-31T05:00:00.000Z",
          "ID": "CVE-2020-25848",
          "STATE": "PUBLIC",
          "TITLE": "HGiga MailSherlock - Broken Authentication"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MailSherlock MSR45/SSR45",
                      "version": {
                        "version_data": [
                          {
                            "platform": "iSherlock-base-4.5",
                            "version_affected": "\u003c",
                            "version_value": "243"
                          },
                          {
                            "platform": "iSherlock-user-4.5",
                            "version_affected": "\u003c",
                            "version_value": "114"
                          },
                          {
                            "platform": "iSherlock-useradmin-4.5",
                            "version_affected": "\u003c",
                            "version_value": "122"
                          },
                          {
                            "platform": "iSherlock-audit-4.5",
                            "version_affected": "\u003c",
                            "version_value": "143"
                          },
                          {
                            "platform": "iSherlock-antispam-4.5",
                            "version_affected": "\u003c",
                            "version_value": "130"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HGiga"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Robin Tung, Dio Lin of CHT Security Co., Ltd."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Broken Authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/tw/cp-132-4256-cfc5a-1.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/tw/cp-132-4256-cfc5a-1.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update MailSherlock MSR45/SSR45 Module to:\niSherlock-base-4.5-243.i386.rpm\t\niSherlock-user-4.5-114.i386.rpm\niSherlock-useradmin-4.5-122.i386.rpm\niSherlock-audit-4.5-143.i386.rpm\niSherlock-antispam-4.5-130.i386.rpm"
          }
        ],
        "source": {
          "advisory": "TVN-202011001",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2020-25848",
    "datePublished": "2020-12-31T07:45:48.728Z",
    "dateReserved": "2020-09-23T00:00:00.000Z",
    "dateUpdated": "2024-09-17T00:11:14.724Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-22848 (GCVE-0-2021-22848)

Vulnerability from cvelistv5 – Published: 2021-03-18 04:35 – Updated: 2024-09-16 20:57
Title
HGiga MailSherlock - SQL Injection-2
Summary
HGiga MailSherlock contains a SQL Injection. Remote attackers can inject SQL syntax and execute SQL commands in a URL parameter of email pages without privilege.
CWE
Assigner
References
Impacted products
Vendor Product Version
HGiga MailSherlock MSR45/SSR45 Affected: iSherlock-user-4.5 , < 120 (custom)
Affected: iSherlock-antispam-4.5 , < 133 (custom)
Date Public ?
2021-03-18 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:51:07.527Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-4521-a4fd8-1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "120",
              "status": "affected",
              "version": "iSherlock-user-4.5",
              "versionType": "custom"
            },
            {
              "lessThan": "133",
              "status": "affected",
              "version": "iSherlock-antispam-4.5",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-03-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HGiga MailSherlock contains a SQL Injection. Remote attackers can inject SQL syntax and execute SQL commands in a URL parameter of email pages without privilege."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-18T04:35:21.000Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-4521-a4fd8-1.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "MailSherlock MSR45/SSR45\nModule: iSherlock-user-4.5-120.i386.rpm and iSherlock-antispam-4.5-133.i386.rpm"
        }
      ],
      "source": {
        "advisory": "TVN-202101012",
        "discovery": "EXTERNAL"
      },
      "title": "HGiga MailSherlock - SQL Injection-2",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2021-03-18T04:30:00.000Z",
          "ID": "CVE-2021-22848",
          "STATE": "PUBLIC",
          "TITLE": "HGiga MailSherlock - SQL Injection-2"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MailSherlock MSR45/SSR45",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "iSherlock-user-4.5",
                            "version_value": "120"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "iSherlock-antispam-4.5",
                            "version_value": "133"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HGiga"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HGiga MailSherlock contains a SQL Injection. Remote attackers can inject SQL syntax and execute SQL commands in a URL parameter of email pages without privilege."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/tw/cp-132-4521-a4fd8-1.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/tw/cp-132-4521-a4fd8-1.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "MailSherlock MSR45/SSR45\nModule: iSherlock-user-4.5-120.i386.rpm and iSherlock-antispam-4.5-133.i386.rpm"
          }
        ],
        "source": {
          "advisory": "TVN-202101012",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2021-22848",
    "datePublished": "2021-03-18T04:35:21.791Z",
    "dateReserved": "2021-01-06T00:00:00.000Z",
    "dateUpdated": "2024-09-16T20:57:24.152Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-35851 (GCVE-0-2020-35851)

Vulnerability from cvelistv5 – Published: 2020-12-31 07:45 – Updated: 2024-09-17 04:25
Title
HGiga MailSherlock - Command Injection
Summary
HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks remotely and execute arbitrary commands of the system.
CWE
  • CWE-78 - OS Command Injection
Assigner
References
Impacted products
Vendor Product Version
HGiga MailSherlock MSR45/SSR45 (platform: iSherlock-user-4.5) Affected: unspecified , < 115 (custom)
Date Public ?
2020-12-31 00:00
Credits
Robin Tung, Dio Lin of CHT Security Co., Ltd.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:16:13.138Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/en/cp-139-4264-f10f4-2.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "iSherlock-user-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "115",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Robin Tung, Dio Lin of CHT Security Co., Ltd."
        }
      ],
      "datePublic": "2020-12-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks remotely and execute arbitrary commands of the system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-31T07:45:52.000Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/en/cp-139-4264-f10f4-2.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update MailSherlock MSR45/SSR45 Module to iSherlock-user-4.5-115.i386.rpm"
        }
      ],
      "source": {
        "advisory": "TVN-202011002",
        "discovery": "EXTERNAL"
      },
      "title": "HGiga MailSherlock - Command Injection",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2020-12-31T05:00:00.000Z",
          "ID": "CVE-2020-35851",
          "STATE": "PUBLIC",
          "TITLE": "HGiga MailSherlock - Command Injection"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MailSherlock MSR45/SSR45",
                      "version": {
                        "version_data": [
                          {
                            "platform": "iSherlock-user-4.5",
                            "version_affected": "\u003c",
                            "version_value": "115"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HGiga"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Robin Tung, Dio Lin of CHT Security Co., Ltd."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks remotely and execute arbitrary commands of the system."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78 OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/en/cp-139-4264-f10f4-2.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/en/cp-139-4264-f10f4-2.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update MailSherlock MSR45/SSR45 Module to iSherlock-user-4.5-115.i386.rpm"
          }
        ],
        "source": {
          "advisory": "TVN-202011002",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2020-35851",
    "datePublished": "2020-12-31T07:45:52.468Z",
    "dateReserved": "2020-12-30T00:00:00.000Z",
    "dateUpdated": "2024-09-17T04:25:22.980Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-35743 (GCVE-0-2020-35743)

Vulnerability from cvelistv5 – Published: 2020-12-31 07:45 – Updated: 2024-09-17 02:37
Title
HGiga MailSherlock - SQL Injection -3
Summary
HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages.
CWE
Assigner
References
Impacted products
Vendor Product Version
HGiga MailSherlock MSR45/SSR45 (platform: iSherlock-user-4.5) Affected: unspecified , < 120 (custom)
HGiga MailSherlock MSR45/SSR45 (platform: iSherlock-antispam-4.5) Affected: unspecified , < 133 (custom)
Date Public ?
2020-12-31 00:00
Credits
Robin Tung, Dio Lin of CHT Security Co., Ltd.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:09:15.204Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-4262-03785-1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "iSherlock-user-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "120",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "iSherlock-antispam-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "133",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Robin Tung, Dio Lin of CHT Security Co., Ltd."
        }
      ],
      "datePublic": "2020-12-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-31T07:45:51.000Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-4262-03785-1.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update MailSherlock MSR45/SSR45 Module to:\niSherlock-user-4.5-120.i386.rpm\niSherlock-antispam-4.5-133.i386.rpm"
        }
      ],
      "source": {
        "advisory": "TVN-202011008",
        "discovery": "EXTERNAL"
      },
      "title": "HGiga MailSherlock - SQL Injection -3",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2020-12-31T05:00:00.000Z",
          "ID": "CVE-2020-35743",
          "STATE": "PUBLIC",
          "TITLE": "HGiga MailSherlock - SQL Injection -3"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MailSherlock MSR45/SSR45",
                      "version": {
                        "version_data": [
                          {
                            "platform": "iSherlock-user-4.5",
                            "version_affected": "\u003c",
                            "version_value": "120"
                          },
                          {
                            "platform": "iSherlock-antispam-4.5",
                            "version_affected": "\u003c",
                            "version_value": "133"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HGiga"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Robin Tung, Dio Lin of CHT Security Co., Ltd."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/tw/cp-132-4262-03785-1.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/tw/cp-132-4262-03785-1.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update MailSherlock MSR45/SSR45 Module to:\niSherlock-user-4.5-120.i386.rpm\niSherlock-antispam-4.5-133.i386.rpm"
          }
        ],
        "source": {
          "advisory": "TVN-202011008",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2020-35743",
    "datePublished": "2020-12-31T07:45:51.808Z",
    "dateReserved": "2020-12-28T00:00:00.000Z",
    "dateUpdated": "2024-09-17T02:37:09.672Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-35742 (GCVE-0-2020-35742)

Vulnerability from cvelistv5 – Published: 2020-12-31 07:45 – Updated: 2024-09-16 18:03
Title
HGiga MailSherlock - SQL Injection -1
Summary
HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter.
CWE
Assigner
References
Impacted products
Vendor Product Version
HGiga MailSherlock MSR45/SSR45 (platform: iSherlock-user-4.5) Affected: unspecified , < 120 (custom)
HGiga MailSherlock MSR45/SSR45 (platform: iSherlock-antispam-4.5) Affected: unspecified , < 133 (custom)
Date Public ?
2020-12-31 00:00
Credits
Robin Tung, Dio Lin of CHT Security Co., Ltd.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:09:15.146Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-4261-d5379-1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "iSherlock-user-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "120",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "iSherlock-antispam-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "133",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Robin Tung, Dio Lin of CHT Security Co., Ltd."
        }
      ],
      "datePublic": "2020-12-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-31T07:45:51.000Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-4261-d5379-1.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update MailSherlock MSR45/SSR45 Module to:\niSherlock-user-4.5-120.i386.rpm\niSherlock-antispam-4.5-133.i386.rpm"
        }
      ],
      "source": {
        "advisory": "TVN-202011006",
        "discovery": "EXTERNAL"
      },
      "title": "HGiga MailSherlock - SQL Injection -1",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2020-12-31T05:00:00.000Z",
          "ID": "CVE-2020-35742",
          "STATE": "PUBLIC",
          "TITLE": "HGiga MailSherlock - SQL Injection -1"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MailSherlock MSR45/SSR45",
                      "version": {
                        "version_data": [
                          {
                            "platform": "iSherlock-user-4.5",
                            "version_affected": "\u003c",
                            "version_value": "120"
                          },
                          {
                            "platform": "iSherlock-antispam-4.5",
                            "version_affected": "\u003c",
                            "version_value": "133"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HGiga"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Robin Tung, Dio Lin of CHT Security Co., Ltd."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/tw/cp-132-4261-d5379-1.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/tw/cp-132-4261-d5379-1.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update MailSherlock MSR45/SSR45 Module to:\niSherlock-user-4.5-120.i386.rpm\niSherlock-antispam-4.5-133.i386.rpm"
          }
        ],
        "source": {
          "advisory": "TVN-202011006",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2020-35742",
    "datePublished": "2020-12-31T07:45:51.201Z",
    "dateReserved": "2020-12-28T00:00:00.000Z",
    "dateUpdated": "2024-09-16T18:03:00.267Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-35741 (GCVE-0-2020-35741)

Vulnerability from cvelistv5 – Published: 2020-12-31 07:45 – Updated: 2024-09-16 22:55
Title
HGiga MailSherlock - XSS -2
Summary
HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks.
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Assigner
References
Impacted products
Vendor Product Version
HGiga MailSherlock MSR45/SSR45 (platform: iSherlock-user-4.5) Affected: unspecified , < 120 (custom)
HGiga MailSherlock MSR45/SSR45 (platform: iSherlock-antispam-4.5) Affected: unspecified , < 133 (custom)
Date Public ?
2020-12-31 00:00
Credits
Robin Tung, Dio Lin of CHT Security Co., Ltd.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:09:15.252Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-4260-ba376-1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "iSherlock-user-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "120",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "iSherlock-antispam-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "133",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Robin Tung, Dio Lin of CHT Security Co., Ltd."
        }
      ],
      "datePublic": "2020-12-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-31T07:45:50.000Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-4260-ba376-1.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update MailSherlock MSR45/SSR45 Module to:\niSherlock-user-4.5-120.i386.rpm\niSherlock-antispam-4.5-133.i386.rpm"
        }
      ],
      "source": {
        "advisory": "TVN-202011005",
        "discovery": "EXTERNAL"
      },
      "title": "HGiga MailSherlock - XSS -2",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2020-12-31T05:00:00.000Z",
          "ID": "CVE-2020-35741",
          "STATE": "PUBLIC",
          "TITLE": "HGiga MailSherlock - XSS -2"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MailSherlock MSR45/SSR45",
                      "version": {
                        "version_data": [
                          {
                            "platform": "iSherlock-user-4.5",
                            "version_affected": "\u003c",
                            "version_value": "120"
                          },
                          {
                            "platform": "iSherlock-antispam-4.5",
                            "version_affected": "\u003c",
                            "version_value": "133"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HGiga"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Robin Tung, Dio Lin of CHT Security Co., Ltd."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/tw/cp-132-4260-ba376-1.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/tw/cp-132-4260-ba376-1.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update MailSherlock MSR45/SSR45 Module to:\niSherlock-user-4.5-120.i386.rpm\niSherlock-antispam-4.5-133.i386.rpm"
          }
        ],
        "source": {
          "advisory": "TVN-202011005",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2020-35741",
    "datePublished": "2020-12-31T07:45:50.593Z",
    "dateReserved": "2020-12-28T00:00:00.000Z",
    "dateUpdated": "2024-09-16T22:55:57.902Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-35740 (GCVE-0-2020-35740)

Vulnerability from cvelistv5 – Published: 2020-12-31 07:45 – Updated: 2024-09-16 23:36
Title
HGiga MailSherlock - XSS -1
Summary
HGiga MailSherlock does not properly validate specific URL parameters, which allows attackers to inject JavaScript syntax for XSS attacks.
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Assigner
References
Impacted products
Vendor Product Version
HGiga MailSherlock MSR45/SSR45 Affected: unspecified , < 120 (custom) — platform: iSherlock-user-4.5
    HGiga MailSherlock MSR45/SSR45 Affected: unspecified , < 133 (custom) — platform: iSherlock-antispam-4.5
Date Public ?
2020-12-31 00:00
Credits
Robin Tung, Dio Lin of CHT Security Co., Ltd.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:09:15.246Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-4259-90f23-1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "iSherlock-user-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "120",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "iSherlock-antispam-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "133",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Robin Tung, Dio Lin of CHT Security Co., Ltd."
        }
      ],
      "datePublic": "2020-12-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-31T07:45:49.000Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-4259-90f23-1.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update MailSherlock MSR45/SSR45 Module to:\niSherlock-user-4.5-120.i386.rpm\niSherlock-antispam-4.5-133.i386.rpm"
        }
      ],
      "source": {
        "advisory": "TVN-202011004",
        "discovery": "EXTERNAL"
      },
      "title": "HGiga MailSherlock - XSS -1",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2020-12-31T05:00:00.000Z",
          "ID": "CVE-2020-35740",
          "STATE": "PUBLIC",
          "TITLE": "HGiga MailSherlock - XSS -1"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MailSherlock MSR45/SSR45",
                      "version": {
                        "version_data": [
                          {
                            "platform": "iSherlock-user-4.5",
                            "version_affected": "\u003c",
                            "version_value": "120"
                          },
                          {
                            "platform": "iSherlock-antispam-4.5",
                            "version_affected": "\u003c",
                            "version_value": "133"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HGiga"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Robin Tung, Dio Lin of CHT Security Co., Ltd."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/tw/cp-132-4259-90f23-1.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/tw/cp-132-4259-90f23-1.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update MailSherlock MSR45/SSR45 Module to:\niSherlock-user-4.5-120.i386.rpm\niSherlock-antispam-4.5-133.i386.rpm"
          }
        ],
        "source": {
          "advisory": "TVN-202011004",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2020-35740",
    "datePublished": "2020-12-31T07:45:49.988Z",
    "dateReserved": "2020-12-28T00:00:00.000Z",
    "dateUpdated": "2024-09-16T23:36:40.227Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-25850 (GCVE-0-2020-25850)

Vulnerability from cvelistv5 – Published: 2020-12-31 07:45 – Updated: 2024-09-16 20:36
Title
HGiga MailSherlock - Arbitrary File Download
Summary
The "view the source code" function of HGiga MailSherlock does not validate specific characters. Remote attackers can use this flaw to download arbitrary system files.
CWE
  • Arbitrary File Download
Assigner
References
Impacted products
Vendor Product Version
HGiga MailSherlock MSR45/SSR45 Affected: unspecified , < 117 (custom) — platform: iSherlock-user-4.5
Date Public ?
2020-12-31 00:00
Credits
Robin Tung, Dio Lin of CHT Security Co., Ltd.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:49:05.969Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-4258-0a8a0-1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "iSherlock-user-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "117",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Robin Tung, Dio Lin of CHT Security Co., Ltd."
        }
      ],
      "datePublic": "2020-12-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The function, view the source code, of HGiga MailSherlock does not validate specific characters. Remote attackers can use this flaw to download arbitrary system files."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Arbitrary File Download",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-31T07:45:49.000Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-4258-0a8a0-1.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update MailSherlock MSR45/SSR45 Module to iSherlock-user-4.5-117.i386.rpm"
        }
      ],
      "source": {
        "advisory": "TVN-202011003",
        "discovery": "EXTERNAL"
      },
      "title": "HGiga MailSherlock - Arbitrary File Download",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2020-12-31T05:00:00.000Z",
          "ID": "CVE-2020-25850",
          "STATE": "PUBLIC",
          "TITLE": "HGiga MailSherlock - Arbitrary File Download"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MailSherlock MSR45/SSR45",
                      "version": {
                        "version_data": [
                          {
                            "platform": "iSherlock-user-4.5",
                            "version_affected": "\u003c",
                            "version_value": "117"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HGiga"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Robin Tung, Dio Lin of CHT Security Co., Ltd."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The function, view the source code, of HGiga MailSherlock does not validate specific characters. Remote attackers can use this flaw to download arbitrary system files."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Arbitrary File Download"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/tw/cp-132-4258-0a8a0-1.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/tw/cp-132-4258-0a8a0-1.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update MailSherlock MSR45/SSR45 Module to iSherlock-user-4.5-117.i386.rpm"
          }
        ],
        "source": {
          "advisory": "TVN-202011003",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2020-25850",
    "datePublished": "2020-12-31T07:45:49.379Z",
    "dateReserved": "2020-09-23T00:00:00.000Z",
    "dateUpdated": "2024-09-16T20:36:52.413Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-25848 (GCVE-0-2020-25848)

Vulnerability from cvelistv5 – Published: 2020-12-31 07:45 – Updated: 2024-09-17 00:11
Title
HGiga MailSherlock - Broken Authentication
Summary
HGiga MailSherlock contains a weak authentication flaw that lets attackers gain privileges remotely through the default password generation mechanism.
CWE
  • Broken Authentication
Assigner
References
Impacted products
Vendor Product Version
HGiga MailSherlock MSR45/SSR45 Affected: unspecified , < 243 (custom) — platform: iSherlock-base-4.5
    HGiga MailSherlock MSR45/SSR45 Affected: unspecified , < 114 (custom) — platform: iSherlock-user-4.5
    HGiga MailSherlock MSR45/SSR45 Affected: unspecified , < 122 (custom) — platform: iSherlock-useradmin-4.5
    HGiga MailSherlock MSR45/SSR45 Affected: unspecified , < 143 (custom) — platform: iSherlock-audit-4.5
    HGiga MailSherlock MSR45/SSR45 Affected: unspecified , < 130 (custom) — platform: iSherlock-antispam-4.5
Date Public ?
2020-12-31 00:00
Credits
Robin Tung, Dio Lin of CHT Security Co., Ltd.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:49:05.445Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-4256-cfc5a-1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "iSherlock-base-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "243",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "iSherlock-user-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "114",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "iSherlock-useradmin-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "122",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "iSherlock-audit-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "143",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "iSherlock-antispam-4.5"
          ],
          "product": "MailSherlock MSR45/SSR45",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThan": "130",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Robin Tung, Dio Lin of CHT Security Co., Ltd."
        }
      ],
      "datePublic": "2020-12-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Broken Authentication",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-31T07:45:48.000Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-4256-cfc5a-1.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update MailSherlock MSR45/SSR45 Module to:\niSherlock-base-4.5-243.i386.rpm\t\niSherlock-user-4.5-114.i386.rpm\niSherlock-useradmin-4.5-122.i386.rpm\niSherlock-audit-4.5-143.i386.rpm\niSherlock-antispam-4.5-130.i386.rpm"
        }
      ],
      "source": {
        "advisory": "TVN-202011001",
        "discovery": "EXTERNAL"
      },
      "title": "HGiga MailSherlock - Broken Authentication",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2020-12-31T05:00:00.000Z",
          "ID": "CVE-2020-25848",
          "STATE": "PUBLIC",
          "TITLE": "HGiga MailSherlock - Broken Authentication"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MailSherlock MSR45/SSR45",
                      "version": {
                        "version_data": [
                          {
                            "platform": "iSherlock-base-4.5",
                            "version_affected": "\u003c",
                            "version_value": "243"
                          },
                          {
                            "platform": "iSherlock-user-4.5",
                            "version_affected": "\u003c",
                            "version_value": "114"
                          },
                          {
                            "platform": "iSherlock-useradmin-4.5",
                            "version_affected": "\u003c",
                            "version_value": "122"
                          },
                          {
                            "platform": "iSherlock-audit-4.5",
                            "version_affected": "\u003c",
                            "version_value": "143"
                          },
                          {
                            "platform": "iSherlock-antispam-4.5",
                            "version_affected": "\u003c",
                            "version_value": "130"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HGiga"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Robin Tung, Dio Lin of CHT Security Co., Ltd."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Broken Authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/tw/cp-132-4256-cfc5a-1.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/tw/cp-132-4256-cfc5a-1.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update MailSherlock MSR45/SSR45 Module to:\niSherlock-base-4.5-243.i386.rpm\t\niSherlock-user-4.5-114.i386.rpm\niSherlock-useradmin-4.5-122.i386.rpm\niSherlock-audit-4.5-143.i386.rpm\niSherlock-antispam-4.5-130.i386.rpm"
          }
        ],
        "source": {
          "advisory": "TVN-202011001",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2020-25848",
    "datePublished": "2020-12-31T07:45:48.728Z",
    "dateReserved": "2020-09-23T00:00:00.000Z",
    "dateUpdated": "2024-09-17T00:11:14.724Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}