Vulnerability Description
HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks remotely and execute arbitrary commands of the system.
CVSS Score
8.1
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hgiga | Msr45 Isherlock-User | < 4.5-115 |
| Hgiga | Ssr45 Isherlock-User | < 4.5-115 |
Related Weaknesses (CWE)
References
- https://www.twcert.org.tw/en/cp-139-4264-f10f4-2.htmlThird Party Advisory
- https://www.twcert.org.tw/en/cp-139-4264-f10f4-2.htmlThird Party Advisory
FAQ
What is CVE-2020-35851?
CVE-2020-35851 is a vulnerability with a CVSS score of 8.1 (HIGH). HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks remotely and execute arbitrary commands of the system.
How severe is CVE-2020-35851?
CVE-2020-35851 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-35851?
Check the references section above for vendor advisories and patch information. Affected products include: Hgiga Msr45 Isherlock-User, Hgiga Ssr45 Isherlock-User.