CVE-2023-48378

{"id": "CVE-2023-48378", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-12-15T08:15:45.547", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7596-648f3-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files."}, {"lang": "es", "value": "Softnext Mail SQR Expert tiene una vulnerabilidad de path traversal dentro de su par\u00e1metro en una URL espec\u00edfica. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad para eludir la autenticaci\u00f3n y descargar archivos arbitrarios del sistema."}], "lastModified": "2023-12-21T15:51:05.667", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:softnext:mail_sqr_expert:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDCE076E-BA94-4BFF-8FD9-4E08B4A6392F", "versionEndIncluding": "230330"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}