PT-2023-26940 · Proself · Proself Gateway Edition+2
Published: 2023-08-18 · Updated: 2023-08-23 · CVE-2023-39416
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Proself Enterprise/Standard Edition versions 5.61 and earlier
Proself Gateway Edition versions 1.62 and earlier
Proself Mail Sanitize Edition versions 1.07 and earlier
Description
The issue allows a remote authenticated attacker with administrative privilege to execute arbitrary OS commands on systems running the affected software versions.
Recommendations
For Proself Enterprise/Standard Edition versions 5.61 and earlier, update to a version later than 5.61 to resolve the issue.
For Proself Gateway Edition versions 1.62 and earlier, update to a version later than 1.62 to resolve the issue.
For Proself Mail Sanitize Edition versions 1.07 and earlier, update to a version later than 1.07 to resolve the issue.
As a temporary workaround, consider restricting administrative privileges to minimize the risk of exploitation.
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Proself Enterprise/Standard Edition
Proself Gateway Edition
Proself Mail Sanitize Edition