PT-2023-13785 · L Soft · Listserv 17

Published: 2023-01-17 · Updated: 2023-01-25 · CVE-2022-40319

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: LISTSERV 17

Description: The LISTSERV 17 web interface is affected by an issue that allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks. This is achieved via a modified email address in a "wa.exe" URL, resulting in the unauthorized modification of a victim's LISTSERV account.

Recommendations: For LISTSERV 17, consider restricting access to the wa.exe URL to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using modified email addresses in the wa.exe URL. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

IDOR

Weakness Enumeration

Related Identifiers: CVE-2022-40319

Affected Products: Listserv 17