github - ghsa-vgqq-j658-qpcx

ghsa-vgqq-j658-qpcx

Vulnerability from github

Published

2024-03-18 03:30

Modified

2024-08-01 15:31

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Directory traversal vulnerability exists in A.K.I Software's PMailServer/PMailServer2 products' CGIs included in Internal Simple Webserver. If this vulnerability is exploited, a remote attacker may access arbitrary files outside DocumentRoot.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-40747"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-18T01:15:48Z",
    "severity": "HIGH"
  },
  "details": "Directory traversal vulnerability exists in A.K.I Software\u0027s PMailServer/PMailServer2 products\u0027 CGIs included in Internal Simple Webserver. If this vulnerability is exploited, a  remote attacker may access arbitrary files outside DocumentRoot.",
  "id": "GHSA-vgqq-j658-qpcx",
  "modified": "2024-08-01T15:31:33Z",
  "published": "2024-03-18T03:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40747"
    },
    {
      "type": "WEB",
      "url": "https://akisoftware.com/Vulnerability202301.html"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN92720882"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2023-40747 (GCVE-0-2023-40747)

Vulnerability from cvelistv5

Published

2024-03-18 00:32

Modified

2025-03-18 19:08

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

Directory traversal

Summary

Directory traversal vulnerability exists in A.K.I Software's PMailServer/PMailServer2 products' CGIs included in Internal Simple Webserver. If this vulnerability is exploited, a remote attacker may access arbitrary files outside DocumentRoot.

References

URL

Tags

	https://akisoftware.com/Vulnerability202301.html
	https://jvn.jp/en/jp/JVN92720882/

Impacted products

Vendor

Product

Version

pmman.exe (Standard edition)

Version: 2.5.1.12154 and earlier

	A.K.I Software	pmman.exe (Pro edition)	Version: 2.5.1.12155 and earlier
	A.K.I Software	pmman.exe (Standard + IMAP4 edition)	Version: 2.5.1.12156 and earlier
	A.K.I Software	pmman.exe (Pro + IMAP4 edition)	Version: 2.5.1.12157 and earlier
	A.K.I Software	pmman.exe (Enterprise edition)	Version: 2.5.1.12158 and earlier

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:aki:pmman.exe\\/standard_edition\\/:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pmman.exe\\/standard_edition\\/",
            "vendor": "aki",
            "versions": [
              {
                "lessThan": "2.5.1.12154",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:aki:pmman.exe\\/pro_edition\\/:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pmman.exe\\/pro_edition\\/",
            "vendor": "aki",
            "versions": [
              {
                "lessThan": "2.5.1.12155",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:aki:pmman.exe\\/standard_plus_imap4_edition:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pmman.exe\\/standard_plus_imap4_edition",
            "vendor": "aki",
            "versions": [
              {
                "lessThan": "2.5.1.12156",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:aki:pmman.exe\\/pro_plus_imap4_edition\\/:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pmman.exe\\/pro_plus_imap4_edition\\/",
            "vendor": "aki",
            "versions": [
              {
                "lessThan": "2.5.1.12157",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:aki:pmman.exe\\/enterprise_edition\\/:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pmman.exe\\/enterprise_edition\\/",
            "vendor": "aki",
            "versions": [
              {
                "lessThan": "2.5.1.12158",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-40747",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-18T15:00:53.605686Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-22",
                "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-18T19:08:32.049Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:46:10.362Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://akisoftware.com/Vulnerability202301.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN92720882/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "pmman.exe (Standard edition)",
          "vendor": "A.K.I Software",
          "versions": [
            {
              "status": "affected",
              "version": "2.5.1.12154 and earlier"
            }
          ]
        },
        {
          "product": "pmman.exe (Pro edition)",
          "vendor": "A.K.I Software",
          "versions": [
            {
              "status": "affected",
              "version": "2.5.1.12155 and earlier"
            }
          ]
        },
        {
          "product": "pmman.exe (Standard + IMAP4 edition)",
          "vendor": "A.K.I Software",
          "versions": [
            {
              "status": "affected",
              "version": "2.5.1.12156 and earlier"
            }
          ]
        },
        {
          "product": "pmman.exe (Pro + IMAP4 edition)",
          "vendor": "A.K.I Software",
          "versions": [
            {
              "status": "affected",
              "version": "2.5.1.12157 and earlier"
            }
          ]
        },
        {
          "product": "pmman.exe (Enterprise edition)",
          "vendor": "A.K.I Software",
          "versions": [
            {
              "status": "affected",
              "version": "2.5.1.12158 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability exists in A.K.I Software\u0027s PMailServer/PMailServer2 products\u0027 CGIs included in Internal Simple Webserver. If this vulnerability is exploited, a  remote attacker may access arbitrary files outside DocumentRoot."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Directory traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-18T00:32:58.218Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://akisoftware.com/Vulnerability202301.html"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN92720882/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-40747",
    "datePublished": "2024-03-18T00:32:58.218Z",
    "dateReserved": "2023-08-29T05:55:03.449Z",
    "dateUpdated": "2025-03-18T19:08:32.049Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.