An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca.
References
Link | Resource |
---|---|
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: INCIBE
Published: 2023-11-23T12:38:04.999Z
Updated: 2023-11-23T12:38:04.999Z
Reserved: 2023-08-29T08:30:24.615Z
Link: CVE-2023-4595
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-11-23T13:15:12.533
Modified: 2023-11-29T21:23:11.087
Link: CVE-2023-4595
JSON object: View
Redhat Information
No data.
CWE