JVNDB-2023-000002

Digital Arts m-FILTER vulnerable to improper authentication

m-FILTER provided by Digital Arts Inc. is an emaill security product.
m-FILTER contains an improper authentication vulnerability (CWE-287) when emails are being sent under certain conditions, and unintended emails may be sent by a remote attacker.

Digital Arts Inc. states that attacks exploiting this vulnerability have been observed.

Digital Arts Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Digital Arts Inc. coordinated under the Information Security Early Warning Partnership.

Digital Arts Inc.

• m-FILTER prior to Ver.5.70R01 (Ver.5 Series)
• m-FILTER prior to Ver.4.87R04 (Ver.4 Series)

The developer states that m-FILTER@Cloud had been affected by this vulnerability as well.

Exploiting this vulnerability may result in the impacts listed below.

• The source IP address is blacklisted and emails cannot be sent
• If the archive function is being used, sent unsolicited emails are archived and the disk space is oppressed

[Update the Software]
Update to the latest version according to the information provided by the developer.
The developer has released the following versions to fix the vulnerability.

• m-FILTER Ver.5.70R01 (Ver.5 Series)
• m-FILTER Ver.4.87R04 (Ver.4 Series)

The issue in m-FILTER@Cloud is already fixed with the update on December 23, 2022.

Digital Arts Inc.

• Digital Arts Inc. : m-FILTER Ver.5 (login required) in Japanese
• Digital Arts Inc. : m-FILTER Ver.4 (login required) in Japanese
• Digital Arts Inc. : m-FILTER@Cloud (login required) in Japanese

1. Improper Authentication(CWE-287) [IPA Evaluation]

1. CVE-2023-22278

1. JVN : JVN#55675303
2. National Vulnerability Database (NVD) : CVE-2023-22278

• [2023/01/06]
    Web page was published