CVE-2023-48379

{"id": "CVE-2023-48379", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2023-12-15T08:15:45.803", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7597-fff54-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-918"}]}, {"type": "Secondary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "Softnext Mail SQR Expert is an email management platform, it has inadequate filtering for a specific URL parameter within a specific function. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response."}, {"lang": "es", "value": "Softnext Mail SQR Expert es una plataforma de gesti\u00f3n de correo electr\u00f3nico, tiene un filtrado inadecuado para un par\u00e1metro de URL espec\u00edfico dentro de una funci\u00f3n espec\u00edfica. Un atacante remoto no autenticado puede realizar un ataque Blind SSRF para descubrir la topolog\u00eda de la red interna bas\u00e1ndose en la respuesta de error de URL."}], "lastModified": "2023-12-21T15:50:53.093", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:softnext:mail_sqr_expert:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDCE076E-BA94-4BFF-8FD9-4E08B4A6392F", "versionEndIncluding": "230330"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}