CVE-2023-48379 - Server-Side Request Forgery (SSRF) vulnerability in Softnext Mail SQR Expert 230330/2Dut.190301/2Dut.220701

047910
CVSS 5.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: LOW
Integrity impact: NONE
Availability impact: NONE

Tags: network, low complexity, softnext, CWE-918

Summary

Softnext Mail SQR Expert is an email management platform. It has inadequate filtering for a specific URL parameter within a specific function. An unauthenticated remote attacker can perform a Blind SSRF attack to discover the internal network topology based on the URL error response.

Common Weakness Enumeration (CWE)