Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for isherlock by hgiga

    CVE-2024-4299 (GCVE-0-2024-4299)

    Vulnerability from nvd – Published: 2024-04-29 03:15 – Updated: 2025-07-14 02:21
    VLAI
    Title
    HGiga iSherlock - Command Injection
    Summary
    The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    HGiga iSherlock 4.5 Affected: earlier , < 147 (custom)
    Create a notification for this product.
    HGiga iSherlock 5.5 Affected: earlier , < 147 (custom)
    Create a notification for this product.
    hgiga isherlock Affected: 4.5-0 , < 4.5-147 (custom)
        cpe:2.3:a:hgiga:isherlock:4.5:*:*:*:*:*:*:*
    Create a notification for this product.
    hgiga isherlock Affected: 5.5-0 , < 5.5-147 (custom)
        cpe:2.3:a:hgiga:isherlock:5.5:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-04-29 03:12
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hgiga:isherlock:4.5:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "isherlock",
                "vendor": "hgiga",
                "versions": [
                  {
                    "lessThan": "4.5-147",
                    "status": "affected",
                    "version": "4.5-0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hgiga:isherlock:5.5:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "isherlock",
                "vendor": "hgiga",
                "versions": [
                  {
                    "lessThan": "5.5-147",
                    "status": "affected",
                    "version": "5.5-0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4299",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-09T15:52:00.425739Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:56:03.945Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:53.021Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-7771-36c50-1.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.chtsecurity.com/news/4559fabd-43d1-4324-a0b3-f459a05c2290"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.chtsecurity.com/news/f67fd9b5-cb7a-42e4-bcb7-cc1c73d1f851"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "iSherlock-sysinfo-4.5"
              ],
              "product": "iSherlock 4.5",
              "vendor": "HGiga",
              "versions": [
                {
                  "lessThan": "147",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "iSherlock-sysinfo-5.5"
              ],
              "product": "iSherlock 5.5",
              "vendor": "HGiga",
              "versions": [
                {
                  "lessThan": "147",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-04-29T03:12:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands."
                }
              ],
              "value": "The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-14T02:21:35.775Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-7771-36c50-1.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.chtsecurity.com/news/4559fabd-43d1-4324-a0b3-f459a05c2290"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.chtsecurity.com/news/f67fd9b5-cb7a-42e4-bcb7-cc1c73d1f851"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update iSherlock-sysinfo-4.5 to version 147 or later\u003cbr\u003e\n\nUpdate iSherlock-sysinfo-5.5 to version 147 or later\n\n\u003cbr\u003e"
                }
              ],
              "value": "Update iSherlock-sysinfo-4.5 to version 147 or later\n\n\nUpdate iSherlock-sysinfo-5.5 to version 147 or later"
            }
          ],
          "source": {
            "advisory": "TVN-202404010",
            "discovery": "EXTERNAL"
          },
          "title": "HGiga iSherlock - Command Injection",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-4299",
        "datePublished": "2024-04-29T03:15:18.038Z",
        "dateReserved": "2024-04-29T01:47:10.212Z",
        "dateUpdated": "2025-07-14T02:21:35.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4298 (GCVE-0-2024-4298)

    Vulnerability from nvd – Published: 2024-04-29 02:39 – Updated: 2025-07-14 02:19
    VLAI
    Title
    HGiga iSherlock - Command Injection
    Summary
    The email search interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    HGiga iSherlock 4.5 Affected: earlier , < 188 (custom)
    Create a notification for this product.
    HGiga iSherlock 5.5 Affected: earlier , < 188 (custom)
    Create a notification for this product.
    hgiga isherlock Affected: 0 , < 4.5-188 (custom)
        cpe:2.3:a:hgiga:isherlock:4.5:*:*:*:*:*:*:*
    Create a notification for this product.
    hgiga isherlock Affected: 0 , < 5.5-188" (custom)
        cpe:2.3:a:hgiga:isherlock:5.5:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-04-29 02:38
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hgiga:isherlock:4.5:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "isherlock",
                "vendor": "hgiga",
                "versions": [
                  {
                    "lessThan": "4.5-188",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hgiga:isherlock:5.5:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "isherlock",
                "vendor": "hgiga",
                "versions": [
                  {
                    "lessThan": "5.5-188\"",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4298",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-29T16:22:06.621404Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:56:24.316Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:53.107Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-7769-0773a-1.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.chtsecurity.com/news/4559fabd-43d1-4324-a0b3-f459a05c2290"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.chtsecurity.com/news/f67fd9b5-cb7a-42e4-bcb7-cc1c73d1f851"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "iSherlock-query-4.5"
              ],
              "product": "iSherlock 4.5",
              "vendor": "HGiga",
              "versions": [
                {
                  "lessThan": "188",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "iSherlock-query-5.5"
              ],
              "product": "iSherlock 5.5",
              "vendor": "HGiga",
              "versions": [
                {
                  "lessThan": "188",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-04-29T02:38:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The email search interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands."
                }
              ],
              "value": "The email search interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-14T02:19:23.281Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-7769-0773a-1.html"
            },
            {
              "url": "https://www.chtsecurity.com/news/4559fabd-43d1-4324-a0b3-f459a05c2290"
            },
            {
              "url": "https://www.chtsecurity.com/news/f67fd9b5-cb7a-42e4-bcb7-cc1c73d1f851"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update iSherlock-query-4.5 to version 188 or later\u003cbr\u003e\n\nUpdate iSherlock-query-5.5 to version 188 or later\n\n\u003cbr\u003e"
                }
              ],
              "value": "Update iSherlock-query-4.5 to version 188 or later\n\n\nUpdate iSherlock-query-5.5 to version 188 or later"
            }
          ],
          "source": {
            "advisory": "TVN-202404009",
            "discovery": "EXTERNAL"
          },
          "title": "HGiga iSherlock - Command Injection",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-4298",
        "datePublished": "2024-04-29T02:39:04.580Z",
        "dateReserved": "2024-04-29T01:47:09.033Z",
        "dateUpdated": "2025-07-14T02:19:23.281Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4297 (GCVE-0-2024-4297)

    Vulnerability from nvd – Published: 2024-04-29 02:28 – Updated: 2025-07-14 02:17
    VLAI
    Title
    HGiga iSherlock - Arbitrary File Download
    Summary
    The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    HGiga iSherlock 4.5 Affected: earlier , < 147 (custom)
    Create a notification for this product.
    HGiga iSherlock 5.5 Affected: earlier , < 147 (custom)
    Create a notification for this product.
    hgiga isherlock Affected: 4.5 , < 4.5-147 (custom)
        cpe:2.3:a:hgiga:isherlock:4.5:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-04-29 02:20
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hgiga:isherlock:4.5:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "isherlock",
                "vendor": "hgiga",
                "versions": [
                  {
                    "lessThan": "4.5-147",
                    "status": "affected",
                    "version": "4.5",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4297",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-29T14:46:04.177828Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:53:11.281Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:53.076Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-7767-ce3b4-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "iSherlock-sysinfo-4.5"
              ],
              "product": "iSherlock 4.5",
              "vendor": "HGiga",
              "versions": [
                {
                  "lessThan": "147",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "iSherlock-sysinfo-5.5"
              ],
              "product": "iSherlock 5.5",
              "vendor": "HGiga",
              "versions": [
                {
                  "lessThan": "147",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-04-29T02:20:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files."
                }
              ],
              "value": "The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-139",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-139 Relative Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-14T02:17:55.601Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-7767-ce3b4-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update iSherlock-sysinfo-4.5 to version 147 or later\u003cbr\u003e\n\nUpdate iSherlock-sysinfo-5.5 to version 147 or later\n\n\u003cbr\u003e"
                }
              ],
              "value": "Update iSherlock-sysinfo-4.5 to version 147 or later\n\n\nUpdate iSherlock-sysinfo-5.5 to version 147 or later"
            }
          ],
          "source": {
            "advisory": "TVN-202404008",
            "discovery": "EXTERNAL"
          },
          "title": "HGiga iSherlock - Arbitrary File Download",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-4297",
        "datePublished": "2024-04-29T02:28:24.526Z",
        "dateReserved": "2024-04-29T01:47:07.589Z",
        "dateUpdated": "2025-07-14T02:17:55.601Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4296 (GCVE-0-2024-4296)

    Vulnerability from nvd – Published: 2024-04-29 02:08 – Updated: 2025-07-14 02:15
    VLAI
    Title
    HGiga iSherlock - Arbitrary File Download
    Summary
    The account management interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    HGiga iSherlock 4.5 Affected: earlier , < 149 (custom)
    Create a notification for this product.
    HGiga iSherlock 5.5 Affected: earlier , < 149 (custom)
    Create a notification for this product.
    hgiga isherlock Affected: 0 , < 4.5-149 (custom)
    Affected: 0 , < 5.5-149 (custom)
        cpe:2.3:a:hgiga:isherlock:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-04-29 02:03
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:53.173Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-7765-49906-1.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hgiga:isherlock:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "isherlock",
                "vendor": "hgiga",
                "versions": [
                  {
                    "lessThan": "4.5-149",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "5.5-149",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4296",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-06T19:54:13.850537Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:03:13.097Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "iSherlock-useradmin-4.5"
              ],
              "product": "iSherlock 4.5",
              "vendor": "HGiga",
              "versions": [
                {
                  "lessThan": "149",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "iSherlock-useradmin-5.5"
              ],
              "product": "iSherlock 5.5",
              "vendor": "HGiga",
              "versions": [
                {
                  "lessThan": "149",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-04-29T02:03:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The account management interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files."
                }
              ],
              "value": "The account management interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-597",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-597 Absolute Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-14T02:15:08.879Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-7765-49906-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update iSherlock-useradmin-4.5 to version 149 or later\u003cbr\u003e\n\nUpdate\u0026nbsp;iSherlock-useradmin-5.5\n\n\n\nto version 149 or later"
                }
              ],
              "value": "Update iSherlock-useradmin-4.5 to version 149 or later\n\n\nUpdate\u00a0iSherlock-useradmin-5.5\n\n\n\nto version 149 or later"
            }
          ],
          "source": {
            "advisory": "TVN-202404007",
            "discovery": "EXTERNAL"
          },
          "title": "HGiga iSherlock - Arbitrary File Download",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-4296",
        "datePublished": "2024-04-29T02:08:23.300Z",
        "dateReserved": "2024-04-29T01:47:05.422Z",
        "dateUpdated": "2025-07-14T02:15:08.879Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37292 (GCVE-0-2023-37292)

    Vulnerability from nvd – Published: 2023-07-21 04:08 – Updated: 2024-10-24 14:30
    VLAI
    Title
    HGiga iSherlock - Command Injection
    Summary
    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in HGiga iSherlock 4.5 (iSherlock-user modules), HGiga iSherlock 5.5 (iSherlock-user modules) allows OS Command Injection.This issue affects iSherlock 4.5: before iSherlock-user-4.5-174; iSherlock 5.5: before iSherlock-user-5.5-174.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    HGiga iSherlock 4.5 Affected: , < iSherlock-user-4.5-174 (custom)
    Create a notification for this product.
    HGiga iSherlock 5.5 Affected: , < iSherlock-user-5.5-174 (custom)
    Create a notification for this product.
    hgiga isherlock Affected: 4.5-174
    Affected: 5.5-174
        cpe:2.3:a:hgiga:isherlock:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-07-21 03:41
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:09:34.022Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-7239-8fc29-1.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hgiga:isherlock:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "isherlock",
                "vendor": "hgiga",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5-174"
                  },
                  {
                    "status": "affected",
                    "version": "5.5-174"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37292",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-24T14:26:44.238985Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T14:30:28.102Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "iSherlock-user"
              ],
              "product": "iSherlock 4.5",
              "vendor": "HGiga",
              "versions": [
                {
                  "lessThan": "iSherlock-user-4.5-174",
                  "status": "affected",
                  "version": " ",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "iSherlock-user"
              ],
              "product": "iSherlock 5.5",
              "vendor": "HGiga",
              "versions": [
                {
                  "lessThan": "iSherlock-user-5.5-174",
                  "status": "affected",
                  "version": "   ",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2023-07-21T03:41:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in HGiga iSherlock 4.5 (iSherlock-user modules), HGiga iSherlock 5.5 (iSherlock-user modules) allows OS Command Injection.\u003cp\u003eThis issue affects iSherlock 4.5: before iSherlock-user-4.5-174; iSherlock 5.5: before iSherlock-user-5.5-174.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in HGiga iSherlock 4.5 (iSherlock-user modules), HGiga iSherlock 5.5 (iSherlock-user modules) allows OS Command Injection.This issue affects iSherlock 4.5: before iSherlock-user-4.5-174; iSherlock 5.5: before iSherlock-user-5.5-174.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-21T04:08:55.811Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "url": "https://www.twcert.org.tw/tw/cp-132-7239-8fc29-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eiSherlock 4.5: update \n\niSherlock-user module version to\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u81f3\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e 4.5-174(MSR45) or later version\u003cbr\u003e\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eiSherlock5.5:\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eupdate \n\niSherlock-user module version to \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u81f3\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;5.5-174\u003c/span\u003e(MSR55) \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\nor later version\n\n\u003c/span\u003e"
                }
              ],
              "value": "iSherlock 4.5: update \n\niSherlock-user module version to\u00a0\u81f3 4.5-174(MSR45) or later version\niSherlock5.5:\n\nupdate \n\niSherlock-user module version to \u81f3\u00a05.5-174(MSR55) \n\nor later version\n\n"
            }
          ],
          "source": {
            "advisory": "TVN-202307010",
            "discovery": "EXTERNAL"
          },
          "title": "HGiga iSherlock - Command Injection",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2023-37292",
        "datePublished": "2023-07-21T04:08:55.811Z",
        "dateReserved": "2023-06-30T02:08:23.931Z",
        "dateUpdated": "2024-10-24T14:30:28.102Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4299 (GCVE-0-2024-4299)

    Vulnerability from cvelistv5 – Published: 2024-04-29 03:15 – Updated: 2025-07-14 02:21
    VLAI
    Title
    HGiga iSherlock - Command Injection
    Summary
    The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    HGiga iSherlock 4.5 Affected: earlier , < 147 (custom)
    Create a notification for this product.
    HGiga iSherlock 5.5 Affected: earlier , < 147 (custom)
    Create a notification for this product.
    hgiga isherlock Affected: 4.5-0 , < 4.5-147 (custom)
        cpe:2.3:a:hgiga:isherlock:4.5:*:*:*:*:*:*:*
    Create a notification for this product.
    hgiga isherlock Affected: 5.5-0 , < 5.5-147 (custom)
        cpe:2.3:a:hgiga:isherlock:5.5:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-04-29 03:12
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hgiga:isherlock:4.5:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "isherlock",
                "vendor": "hgiga",
                "versions": [
                  {
                    "lessThan": "4.5-147",
                    "status": "affected",
                    "version": "4.5-0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hgiga:isherlock:5.5:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "isherlock",
                "vendor": "hgiga",
                "versions": [
                  {
                    "lessThan": "5.5-147",
                    "status": "affected",
                    "version": "5.5-0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4299",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-09T15:52:00.425739Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:56:03.945Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:53.021Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-7771-36c50-1.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.chtsecurity.com/news/4559fabd-43d1-4324-a0b3-f459a05c2290"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.chtsecurity.com/news/f67fd9b5-cb7a-42e4-bcb7-cc1c73d1f851"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "iSherlock-sysinfo-4.5"
              ],
              "product": "iSherlock 4.5",
              "vendor": "HGiga",
              "versions": [
                {
                  "lessThan": "147",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "iSherlock-sysinfo-5.5"
              ],
              "product": "iSherlock 5.5",
              "vendor": "HGiga",
              "versions": [
                {
                  "lessThan": "147",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-04-29T03:12:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands."
                }
              ],
              "value": "The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-14T02:21:35.775Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-7771-36c50-1.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.chtsecurity.com/news/4559fabd-43d1-4324-a0b3-f459a05c2290"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.chtsecurity.com/news/f67fd9b5-cb7a-42e4-bcb7-cc1c73d1f851"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update iSherlock-sysinfo-4.5 to version 147 or later\u003cbr\u003e\n\nUpdate iSherlock-sysinfo-5.5 to version 147 or later\n\n\u003cbr\u003e"
                }
              ],
              "value": "Update iSherlock-sysinfo-4.5 to version 147 or later\n\n\nUpdate iSherlock-sysinfo-5.5 to version 147 or later"
            }
          ],
          "source": {
            "advisory": "TVN-202404010",
            "discovery": "EXTERNAL"
          },
          "title": "HGiga iSherlock - Command Injection",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-4299",
        "datePublished": "2024-04-29T03:15:18.038Z",
        "dateReserved": "2024-04-29T01:47:10.212Z",
        "dateUpdated": "2025-07-14T02:21:35.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4298 (GCVE-0-2024-4298)

    Vulnerability from cvelistv5 – Published: 2024-04-29 02:39 – Updated: 2025-07-14 02:19
    VLAI
    Title
    HGiga iSherlock - Command Injection
    Summary
    The email search interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    HGiga iSherlock 4.5 Affected: earlier , < 188 (custom)
    Create a notification for this product.
    HGiga iSherlock 5.5 Affected: earlier , < 188 (custom)
    Create a notification for this product.
    hgiga isherlock Affected: 0 , < 4.5-188 (custom)
        cpe:2.3:a:hgiga:isherlock:4.5:*:*:*:*:*:*:*
    Create a notification for this product.
    hgiga isherlock Affected: 0 , < 5.5-188" (custom)
        cpe:2.3:a:hgiga:isherlock:5.5:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-04-29 02:38
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hgiga:isherlock:4.5:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "isherlock",
                "vendor": "hgiga",
                "versions": [
                  {
                    "lessThan": "4.5-188",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hgiga:isherlock:5.5:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "isherlock",
                "vendor": "hgiga",
                "versions": [
                  {
                    "lessThan": "5.5-188\"",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4298",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-29T16:22:06.621404Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:56:24.316Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:53.107Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-7769-0773a-1.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.chtsecurity.com/news/4559fabd-43d1-4324-a0b3-f459a05c2290"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.chtsecurity.com/news/f67fd9b5-cb7a-42e4-bcb7-cc1c73d1f851"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "iSherlock-query-4.5"
              ],
              "product": "iSherlock 4.5",
              "vendor": "HGiga",
              "versions": [
                {
                  "lessThan": "188",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "iSherlock-query-5.5"
              ],
              "product": "iSherlock 5.5",
              "vendor": "HGiga",
              "versions": [
                {
                  "lessThan": "188",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-04-29T02:38:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The email search interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands."
                }
              ],
              "value": "The email search interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-14T02:19:23.281Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-7769-0773a-1.html"
            },
            {
              "url": "https://www.chtsecurity.com/news/4559fabd-43d1-4324-a0b3-f459a05c2290"
            },
            {
              "url": "https://www.chtsecurity.com/news/f67fd9b5-cb7a-42e4-bcb7-cc1c73d1f851"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update iSherlock-query-4.5 to version 188 or later\u003cbr\u003e\n\nUpdate iSherlock-query-5.5 to version 188 or later\n\n\u003cbr\u003e"
                }
              ],
              "value": "Update iSherlock-query-4.5 to version 188 or later\n\n\nUpdate iSherlock-query-5.5 to version 188 or later"
            }
          ],
          "source": {
            "advisory": "TVN-202404009",
            "discovery": "EXTERNAL"
          },
          "title": "HGiga iSherlock - Command Injection",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-4298",
        "datePublished": "2024-04-29T02:39:04.580Z",
        "dateReserved": "2024-04-29T01:47:09.033Z",
        "dateUpdated": "2025-07-14T02:19:23.281Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4297 (GCVE-0-2024-4297)

    Vulnerability from cvelistv5 – Published: 2024-04-29 02:28 – Updated: 2025-07-14 02:17
    VLAI
    Title
    HGiga iSherlock - Arbitrary File Download
    Summary
    The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    HGiga iSherlock 4.5 Affected: earlier , < 147 (custom)
    Create a notification for this product.
    HGiga iSherlock 5.5 Affected: earlier , < 147 (custom)
    Create a notification for this product.
    hgiga isherlock Affected: 4.5 , < 4.5-147 (custom)
        cpe:2.3:a:hgiga:isherlock:4.5:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-04-29 02:20
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hgiga:isherlock:4.5:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "isherlock",
                "vendor": "hgiga",
                "versions": [
                  {
                    "lessThan": "4.5-147",
                    "status": "affected",
                    "version": "4.5",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4297",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-29T14:46:04.177828Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:53:11.281Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:53.076Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-7767-ce3b4-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "iSherlock-sysinfo-4.5"
              ],
              "product": "iSherlock 4.5",
              "vendor": "HGiga",
              "versions": [
                {
                  "lessThan": "147",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "iSherlock-sysinfo-5.5"
              ],
              "product": "iSherlock 5.5",
              "vendor": "HGiga",
              "versions": [
                {
                  "lessThan": "147",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-04-29T02:20:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files."
                }
              ],
              "value": "The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-139",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-139 Relative Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-14T02:17:55.601Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-7767-ce3b4-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update iSherlock-sysinfo-4.5 to version 147 or later\u003cbr\u003e\n\nUpdate iSherlock-sysinfo-5.5 to version 147 or later\n\n\u003cbr\u003e"
                }
              ],
              "value": "Update iSherlock-sysinfo-4.5 to version 147 or later\n\n\nUpdate iSherlock-sysinfo-5.5 to version 147 or later"
            }
          ],
          "source": {
            "advisory": "TVN-202404008",
            "discovery": "EXTERNAL"
          },
          "title": "HGiga iSherlock - Arbitrary File Download",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-4297",
        "datePublished": "2024-04-29T02:28:24.526Z",
        "dateReserved": "2024-04-29T01:47:07.589Z",
        "dateUpdated": "2025-07-14T02:17:55.601Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4296 (GCVE-0-2024-4296)

    Vulnerability from cvelistv5 – Published: 2024-04-29 02:08 – Updated: 2025-07-14 02:15
    VLAI
    Title
    HGiga iSherlock - Arbitrary File Download
    Summary
    The account management interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    HGiga iSherlock 4.5 Affected: earlier , < 149 (custom)
    Create a notification for this product.
    HGiga iSherlock 5.5 Affected: earlier , < 149 (custom)
    Create a notification for this product.
    hgiga isherlock Affected: 0 , < 4.5-149 (custom)
    Affected: 0 , < 5.5-149 (custom)
        cpe:2.3:a:hgiga:isherlock:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-04-29 02:03
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:53.173Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-7765-49906-1.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hgiga:isherlock:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "isherlock",
                "vendor": "hgiga",
                "versions": [
                  {
                    "lessThan": "4.5-149",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "5.5-149",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4296",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-06T19:54:13.850537Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:03:13.097Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "iSherlock-useradmin-4.5"
              ],
              "product": "iSherlock 4.5",
              "vendor": "HGiga",
              "versions": [
                {
                  "lessThan": "149",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "iSherlock-useradmin-5.5"
              ],
              "product": "iSherlock 5.5",
              "vendor": "HGiga",
              "versions": [
                {
                  "lessThan": "149",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-04-29T02:03:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The account management interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files."
                }
              ],
              "value": "The account management interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-597",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-597 Absolute Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-14T02:15:08.879Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-7765-49906-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update iSherlock-useradmin-4.5 to version 149 or later\u003cbr\u003e\n\nUpdate\u0026nbsp;iSherlock-useradmin-5.5\n\n\n\nto version 149 or later"
                }
              ],
              "value": "Update iSherlock-useradmin-4.5 to version 149 or later\n\n\nUpdate\u00a0iSherlock-useradmin-5.5\n\n\n\nto version 149 or later"
            }
          ],
          "source": {
            "advisory": "TVN-202404007",
            "discovery": "EXTERNAL"
          },
          "title": "HGiga iSherlock - Arbitrary File Download",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-4296",
        "datePublished": "2024-04-29T02:08:23.300Z",
        "dateReserved": "2024-04-29T01:47:05.422Z",
        "dateUpdated": "2025-07-14T02:15:08.879Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37292 (GCVE-0-2023-37292)

    Vulnerability from cvelistv5 – Published: 2023-07-21 04:08 – Updated: 2024-10-24 14:30
    VLAI
    Title
    HGiga iSherlock - Command Injection
    Summary
    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in HGiga iSherlock 4.5 (iSherlock-user modules), HGiga iSherlock 5.5 (iSherlock-user modules) allows OS Command Injection.This issue affects iSherlock 4.5: before iSherlock-user-4.5-174; iSherlock 5.5: before iSherlock-user-5.5-174.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    HGiga iSherlock 4.5 Affected: , < iSherlock-user-4.5-174 (custom)
    Create a notification for this product.
    HGiga iSherlock 5.5 Affected: , < iSherlock-user-5.5-174 (custom)
    Create a notification for this product.
    hgiga isherlock Affected: 4.5-174
    Affected: 5.5-174
        cpe:2.3:a:hgiga:isherlock:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-07-21 03:41
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:09:34.022Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-7239-8fc29-1.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hgiga:isherlock:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "isherlock",
                "vendor": "hgiga",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.5-174"
                  },
                  {
                    "status": "affected",
                    "version": "5.5-174"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37292",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-24T14:26:44.238985Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T14:30:28.102Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "iSherlock-user"
              ],
              "product": "iSherlock 4.5",
              "vendor": "HGiga",
              "versions": [
                {
                  "lessThan": "iSherlock-user-4.5-174",
                  "status": "affected",
                  "version": " ",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "iSherlock-user"
              ],
              "product": "iSherlock 5.5",
              "vendor": "HGiga",
              "versions": [
                {
                  "lessThan": "iSherlock-user-5.5-174",
                  "status": "affected",
                  "version": "   ",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2023-07-21T03:41:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in HGiga iSherlock 4.5 (iSherlock-user modules), HGiga iSherlock 5.5 (iSherlock-user modules) allows OS Command Injection.\u003cp\u003eThis issue affects iSherlock 4.5: before iSherlock-user-4.5-174; iSherlock 5.5: before iSherlock-user-5.5-174.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in HGiga iSherlock 4.5 (iSherlock-user modules), HGiga iSherlock 5.5 (iSherlock-user modules) allows OS Command Injection.This issue affects iSherlock 4.5: before iSherlock-user-4.5-174; iSherlock 5.5: before iSherlock-user-5.5-174.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-21T04:08:55.811Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "url": "https://www.twcert.org.tw/tw/cp-132-7239-8fc29-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eiSherlock 4.5: update \n\niSherlock-user module version to\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u81f3\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e 4.5-174(MSR45) or later version\u003cbr\u003e\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eiSherlock5.5:\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eupdate \n\niSherlock-user module version to \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u81f3\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;5.5-174\u003c/span\u003e(MSR55) \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\nor later version\n\n\u003c/span\u003e"
                }
              ],
              "value": "iSherlock 4.5: update \n\niSherlock-user module version to\u00a0\u81f3 4.5-174(MSR45) or later version\niSherlock5.5:\n\nupdate \n\niSherlock-user module version to \u81f3\u00a05.5-174(MSR55) \n\nor later version\n\n"
            }
          ],
          "source": {
            "advisory": "TVN-202307010",
            "discovery": "EXTERNAL"
          },
          "title": "HGiga iSherlock - Command Injection",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2023-37292",
        "datePublished": "2023-07-21T04:08:55.811Z",
        "dateReserved": "2023-06-30T02:08:23.931Z",
        "dateUpdated": "2024-10-24T14:30:28.102Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }