CVE-2022-42136 — HIGH (8.8)

Q: How severe is CVE-2022-42136?

CVE-2022-42136 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-42136?

Check the references section above for vendor advisories and patch information. Affected products include: Mailenable Mailenable.

Vulnerability Description

Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mailenable	Mailenable	< 8.66

Related Weaknesses (CWE)

CWE-22

References

https://pastebin.com/ahLNMf5nThird Party Advisory
https://www.mailenable.com/kb/content/article.asp?ID=ME020737Vendor Advisory
https://pastebin.com/ahLNMf5nThird Party Advisory
https://www.mailenable.com/kb/content/article.asp?ID=ME020737Vendor Advisory

FAQ

What is CVE-2022-42136?

CVE-2022-42136 is a vulnerability with a CVSS score of 8.8 (HIGH). Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to s...

How severe is CVE-2022-42136?

CVE-2022-42136 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-42136?

Check the references section above for vendor advisories and patch information. Affected products include: Mailenable Mailenable.