CVE-2023-45727


CVSS 7.5 HIGH | EPSS 3.5% | KEV | CWE-611
In short

A vulnerability in Proself allows attackers to read sensitive files from the server by sending specially crafted XML requests. This is dangerous because account information and other confidential data stored on the server can be exposed without authentication.

Technical detail

An XML External Entity (XXE) injection vulnerability in Proself Enterprise/Standard (≤5.62), Gateway (≤1.65), and Mail Sanitize (≤1.08) editions allows unauthenticated remote attackers to read arbitrary server files when the server processes a specially crafted request containing malformed XML data. The attack requires no prior authentication and can extract files containing account credentials and sensitive data.

Summary generated and translated by AI from the official description.
Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
