| TVN ID | TVN-202307010 |
|---|---|
| CVE ID | CVE-2023-37292 |
| CVSS | 9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Affected Products | HGiga iSherlock (包含 MailSherlock , SpamSherock, AuditSherlock) iSherlock 4.5: iSherlock-user < 4.5-174 iSherlock 5.5: iSherlock-user < 5.5-174 " |
| Description | HGiga iSherlock has a vulnerability of insufficient filtering within its personalized configuration interface. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary system commands remotely to perform arbitrary system operations or disrupt service. |
| Solution | Udate iSherlock-user version to 4.5-174(MSR45) or 5.5-174 (MSR55) or later version |
| Credit | Cyku (DEVCORE) |
| Public Date | 2023-09-19 |
:::