CVE-2023-22278

m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series) allows a remote unauthenticated attacker to bypass authentication and send users' unintended email when email is being sent under the certain conditions. The attacks exploiting this vulnerability have been observed.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/en/jp/JVN55675303/index.html	Third Party Advisory
https://jvn.jp/en/jp/JVN55675303/index.html	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:daj:m-filter::::::::
	cpe:2.3:a:daj:m-filter::::::::

History

21 Nov 2024, 07:44

Type	Values Removed	Values Added
Summary		(es) m-FILTER anterior a la versión 5.70R01 (serie Ver.5) y m-FILTER anterior a la versión 4.87R04 (serie Ver.4) permite a un atacante remoto no autenticado eludir la autenticación y enviar correos electrónicos no deseados a los usuarios cuando se envían correos electrónicos bajo ciertas condiciones. Se han observado ataques que aprovechan esta vulnerabilidad.
References	~~() https://jvn.jp/en/jp/JVN55675303/index.html - Third Party Advisory~~	() https://jvn.jp/en/jp/JVN55675303/index.html - Third Party Advisory

Information

Published : 2023-01-17 10:15

Updated : 2024-11-21 07:44

NVD link : CVE-2023-22278

Mitre link : CVE-2023-22278

CVE.ORG link : CVE-2023-22278

JSON object : View

Products Affected

daj

m-filter

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-22278", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2023-01-17T10:15:11.333", "references": [{"url": "https://jvn.jp/en/jp/JVN55675303/index.html", "tags": ["Third Party Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://jvn.jp/en/jp/JVN55675303/index.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series) allows a remote unauthenticated attacker to bypass authentication and send users' unintended email when email is being sent under the certain conditions. The attacks exploiting this vulnerability have been observed."}, {"lang": "es", "value": "m-FILTER anterior a la versi\u00f3n 5.70R01 (serie Ver.5) y m-FILTER anterior a la versi\u00f3n 4.87R04 (serie Ver.4) permite a un atacante remoto no autenticado eludir la autenticaci\u00f3n y enviar correos electr\u00f3nicos no deseados a los usuarios cuando se env\u00edan correos electr\u00f3nicos bajo ciertas condiciones. Se han observado ataques que aprovechan esta vulnerabilidad."}], "lastModified": "2024-11-21T07:44:26.783", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:daj:m-filter:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62BED9AC-FCB9-4A5F-9751-A6DA42A32F2B", "versionEndExcluding": "4.87r04", "versionStartIncluding": "4.0"}, {"criteria": "cpe:2.3:a:daj:m-filter:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC5965A1-EAE3-44FA-A2A2-DB76A534091C", "versionEndExcluding": "5.70r01", "versionStartIncluding": "5.0"}], "operator": "OR"}]}], "sourceIdentifier": "vultures@jpcert.or.jp"}