|
[Japanese]
|
JVNDB-2023-000090
|
Multiple vulnerabilities in CGIs of PMailServer and PMailServer2
|
|
CGIs included with PMailServer and PMailServer2 provided by A.K.I Software contain multiple vulnerabilities listed below.
* Stored cross-site scripting vulnerability (CWE-79) - CVE-2023-39223
* Insufficient verification vulnerability in Broadcast Mail CGI (pmc.exe) (CWE-434) - CVE-2023-39933
* Directory traversal vulnerability in Mailing List Search CGI (pmmls.exe) (CWE-22) - CVE-2023-40160
* Directory traversal vulnerability in Internal Simple Webserver (CWE-22) - CVE-2023-40747
CVE-2023-39223, CVE-2023-39933, CVE-2023-40160
Shuji Shimizu of VeriServe Corporation reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-40747
Shunta Nakanishi of VeriServe Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
|
CVSS V3 Severity:
Base Metrics 5.3 (Medium) [IPA Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: None
- Availability Impact: None
The above CVSS base scores have been assigned for CVE-2023-40747
|
CVSS V3 Severity:
Base Metrics 5.4 (Medium) [IPA Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
CVSS V2 Severity:
Base Metrics 4.0 (Medium) [IPA Score]
-
Access Vector: Network
-
Access Complexity: Low
-
Authentication: Single
-
Confidentiality Impact: None
-
Integrity Impact: Partial
-
Availability Impact: None
The above CVSS base scores have been assigned for CVE-2023-39223
|
CVSS V3 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
CVSS V2 Severity:
Base Metrics 4.0 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: Single
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
The above CVSS base scores have been assigned for CVE-2023-39933
|
CVSS V3 Severity:
Base Metrics 3.7 (Low) [IPA Score]
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: None
- Availability Impact: None
The above CVSS base scores have been assigned for CVE-2023-40160
|
|
|
A.K.I Software
- PMailServer Free edition (This product is affected by CVE-2023-39223 (pmam.exe) only.)
- PMailServer Standard edition Version 1.91 and earlier
- PMailServer Pro edition Version 1.91 and earlier
- PMailServer Standard + IMAP4 edition Version 1.91 and earlier
- PMailServer Pro + IMAP4 edition Version 1.91 and earlier
- PMailServer2 Standard edition prior to Version 2.51a
- PMailServer2 Pro edition prior to Version 2.51a
- PMailServer2 Standard + IMAP4 edition prior to Version 2.51a
- PMailServer2 Pro + IMAP4 edition prior to Version 2.51a
- PMailServer2 Enterprise edition prior to Version 2.51a
|
The following CGIs included with the above products are affected by the vulnerabilities.
* pmc.exe 2.5.1.720 and earlier
* pmam.exe 2.5.1.1411 and earlier
* pmmls.exe 2.5.1.561 and earlier
* pmum.exe (Standard edition) 2.5.1.25451 and earlier
* pmum.exe (Pro edition) 2.5.1.25452 and earlier
* pmum.exe (Standard + IMAP4 edition) 2.5.1.25453 and earlier
* pmum.exe (Pro + IMAP4 edition / Enterprise edition) 2.5.1.25454 and earlier
* pmman.exe (Standard edition) 2.5.1.12154 and earlier
* pmman.exe (Pro edition) 2.5.1.12155 and earlier
* pmman.exe (Standard + IMAP4 edition) 2.5.1.12156 and earlier
* pmman.exe (Pro + IMAP4 edition) 2.5.1.12157 and earlier
* pmman.exe (Enterprise edition) 2.5.1.12158 and earlier
|
|
* An arbitrary script may be executed on a logged-in user's web browser - CVE-2023-39223
* A user who can upload files through the product may execute an arbitrary excutable file with the web server's execution privilege - CVE-2023-39933
* A remote attacker may obtain arbitrary files on the server - CVE-2023-40160
* A remote attacker may access arbitrary files outside DocumentRoot - CVE-2023-40747
|
|
For PMailServer2:
[Apply Update file]
Apply Update file according to the information provided by the developer.
For PMailServer:
[Stop using the product's CGIs or Switch to alternative products]
The developer states that the affected products are no longer being developed, and Update files will not be provided.
The developer recommends stop using the product's CGIs or switching to an alternative product "PMailServer2".
[Apply the Workarounds]
The developer provides workarounds for these vulnerabilities.
For more information, please refer to the developer's website (in Japanse).
|
|
A.K.I Software
|
|
- Path Traversal(CWE-22) [IPA Evaluation]
- Cross-site Scripting(CWE-79) [IPA Evaluation]
- No Mapping(CWE-Other) [IPA Evaluation]
|
|
- CVE-2023-39223
- CVE-2023-39933
- CVE-2023-40160
- CVE-2023-40747
|
|
- JVN : JVN#92720882
|
|
- [2023/09/05]
Web page was published
|
