go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

Openfind MailGates/MailAudit - Command Injection

TVN ID TVN-202010005
CVE ID CVE-2020-25849
CVSS 8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products MailGates v4.0、v5.0;MailAudit v4.0、v5.0
Description MailGates and MailAudit products contain Command Injection flaw, which can be used to inject and execute system commands from the cgi parameter after attackers obtain the user’s access token.
Solution Update Patch to 5.2.8.048 version
Credit Openfind technical department
Public Date 2020-11-02
Top