PT-2023-29659 · Proself · Proself Enterprise/Standard Edition, Proself Gateway Edition, Proself Mail Sanitize Edition

Published 2023-10-17 · Updated 2024-12-11 · CVE-2023-45727

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Proself Enterprise/Standard Edition versions 5.62 and earlier
Proself Gateway Edition versions 1.65 and earlier
Proself Mail Sanitize Edition versions 1.08 and earlier

Description

The issue allows a remote, unauthenticated attacker to conduct XML External Entity (XXE) attacks. By sending a specially crafted request whose XML body declares an external entity, the attacker can make the server's XML parser read arbitrary local files, including files containing account information, and disclose their contents. Exploitation of this vulnerability by a China-linked group for espionage has been reported.

Recommendations

For Proself Enterprise/Standard Edition versions 5.62 and earlier, disable the XML processing functionality until a patch is applied. For Proself Gateway Edition versions 1.65 and earlier, restrict network access to the vulnerable module to reduce exposure; because the flaw is reachable without authentication, any instance exposed to untrusted networks should be treated as exploitable. For Proself Mail Sanitize Edition versions 1.08 and earlier, avoid using the vulnerable API endpoint until the issue is resolved. This entry records no fixed version; check the vendor's advisory for a release that addresses CVE-2023-45727 rather than relying on these workarounds alone.
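The description above leaves the mechanism of the file read abstract. The following Python example is added here to illustrate it; it is not Proself code, and the request format, the element name and the accounts.txt file are all hypothetical, constructed for the demonstration. It parses the same payload twice: once with a parser that resolves external general entities (the XXE-prone behaviour, which splices the named local file into the document as the value of <name>) and once with a parser that rejects DTDs up front and, via xml.etree, never fetches external entities.

```python
import io
import os
import pathlib
import tempfile
import xml.sax
import xml.sax.handler
import xml.etree.ElementTree as ET

# Constructed stand-in for the "account information" file the advisory mentions.
SAMPLE_ACCOUNTS = "admin:pbkdf2-hash-placeholder\nbackup:pbkdf2-hash-placeholder-2\n"


def build_xxe_request(target_uri):
    """Hypothetical request body: well-formed XML whose DTD declares an external
    entity pointing at a local file, referenced from an ordinary-looking field."""
    return (
        '<?xml version="1.0"?>\n'
        "<!DOCTYPE request [\n"
        f'  <!ENTITY xxe SYSTEM "{target_uri}">\n'
        "]>\n"
        "<request><name>&xxe;</name></request>\n"
    ).encode("utf-8")


class _FieldCollector(xml.sax.handler.ContentHandler):
    """Collect the character data of one element, including whatever text the
    parser substitutes for entity references inside it."""

    def __init__(self, field):
        super().__init__()
        self.field = field
        self.inside = False
        self.chunks = []

    def startElement(self, name, attrs):
        self.inside = name == self.field

    def endElement(self, name):
        if name == self.field:
            self.inside = False

    def characters(self, content):
        if self.inside:
            self.chunks.append(content)


def parse_vulnerable(xml_bytes, field="name"):
    """XXE-prone parsing: external general entities are resolved, so the SYSTEM
    identifier (a file:// URI here) is opened and its contents become <name>."""
    parser = xml.sax.make_parser()
    parser.setFeature(xml.sax.handler.feature_external_ges, True)  # the unsafe setting
    handler = _FieldCollector(field)
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(handler.chunks)


def parse_hardened(xml_bytes, field="name"):
    """Fail-closed parsing: refuse any DTD before parsing, then use xml.etree,
    which does not fetch external entities and raises ParseError on an entity
    it has not seen declared internally."""
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(xml_bytes)
    node = root.find(field)
    if node is None:
        return ""
    return node.text or ""


def demo():
    """Write the constructed account file, then feed the same XXE payload to both
    parsers. Returns (text leaked by the vulnerable parser, whether the hardened
    parser refused the payload)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "accounts.txt")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_ACCOUNTS)
        payload = build_xxe_request(pathlib.Path(path).as_uri())
        leaked = parse_vulnerable(payload)
        try:
            parse_hardened(payload)
            refused = False
        except (ValueError, ET.ParseError):
            refused = True
    return leaked, refused


if __name__ == "__main__":
    leaked_text, was_refused = demo()
    print("vulnerable parser returned:", repr(leaked_text))
    print("hardened parser refused payload:", was_refused)
```

The byte-level DOCTYPE check is a cheap fast-fail, not the real control; the control is a parser that is configured never to resolve external entities, which in Python's xml.sax means leaving feature_external_ges at its default of False and in any other stack means the equivalent "disallow DTD / no external entities" setting. Note that the payload is well-formed XML: the server's parser accepts it precisely because nothing about it is syntactically wrong.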

Weakness Enumeration

XXE

Related Identifiers

BDU:2025-04926
CVE-2023-45727

Affected Products

Proself Enterprise/Standard Edition
Proself Gateway Edition
Proself Mail Sanitize Edition