| TVN ID | TVN-202404007 |
|---|---|
| CVE ID | CVE-2024-4296 |
| CVSS | 4.9 (Medium) CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
| Affected Products | Affected products and versions: HGiga iSherlock (including MailSherlock , SpamSherock, AuditSherlock) 4.5、5.5Affected components: iSherlock 4.5:iSherlock-useradmin < 4.5-149 iSherlock 5.5:iSherlock-useradmin < 5.5-149 |
| Description | The account management interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files. |
| Solution | Update the iSherlock-useradmin package to version 4.5-149 or later for iSherlock 4.5, and to version 5.5-149 or later for iSherlock 5.5. |
| Credit | Dong-Jie Chen (CHT Security) |
| Public Date | 2024-04-29 |
:::