Vulnerabilities > CVE-2023-4595 - Unspecified vulnerability in Seattlelab Slmail 5.5.0.4433

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

seattlelab

NVD

Published: 2023-11-23

Updated: 2024-11-21

Summary

An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca.

Vulnerable Configurations

Part	Description	Count
Application	Seattlelab Seattlelab Slmail 5.5.0.4433	1
OS	Microsoft Microsoft Windows -	1

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail