TVN ID | TVN-202407011 |
---|---|
CVE ID | CVE-2024-5670 |
CVSS | 9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Affected Products | SN OS 12.1 version 230921 and earlierSN OS 12.3 version 230921 and earlierSN OS 10.3 version 230630 and earlier |
Description | The web services of Softnext's products, Mail SQR Expert and Mail Archiving Expert do not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the remote server. |
Solution | Update SN OS 12.1 to version 230922 or laterUpdate SN OS 12.3 to version 230922 or laterUpdate SN OS 10.3 to version 230631 or laterFor affected products running on FreeBSD 9.x, updates will not be supported. Please upgrade the operating system version first. |
Credit | Cyku Hong(DEVCORE) |
Public Date | 2024-07-29 |