Vulnerability Description
The email search interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hgiga | Isherlock | >= 4.5, < 4.5-188 |
Related Weaknesses (CWE)
References
- https://www.chtsecurity.com/news/4559fabd-43d1-4324-a0b3-f459a05c2290Third Party Advisory
- https://www.chtsecurity.com/news/f67fd9b5-cb7a-42e4-bcb7-cc1c73d1f851Third Party Advisory
- https://www.twcert.org.tw/tw/cp-132-7769-0773a-1.htmlThird Party Advisory
- https://www.chtsecurity.com/news/4559fabd-43d1-4324-a0b3-f459a05c2290Third Party Advisory
- https://www.chtsecurity.com/news/f67fd9b5-cb7a-42e4-bcb7-cc1c73d1f851Third Party Advisory
- https://www.twcert.org.tw/tw/cp-132-7769-0773a-1.htmlThird Party Advisory
FAQ
What is CVE-2024-4298?
CVE-2024-4298 is a vulnerability with a CVSS score of 7.2 (HIGH). The email search interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with adm...
How severe is CVE-2024-4298?
CVE-2024-4298 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-4298?
Check the references section above for vendor advisories and patch information. Affected products include: Hgiga Isherlock.