CVE-2023-4595 HIGH

CVE-2023-4595: Insertion of Sensitive Information into Externally-Accessible File or Directory in BVRP Software SLmail

Vendor Bvrp Software
Product SLmail
Weakness CWE-538
Published November 23, 2023
Last update August 2, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca.

Key dates

02Disclosure timeline

November 23, 2023 CVE published
August 2, 2024 Record updated