CVE-2023-45727: Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and...

0.0 CVSS

Description

Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.

Known Exploited

🚨 Marked as known exploited on December 3rd, 2024 (5 months ago).

Classification

CVE ID: CVE-2023-45727

CVSS Base Severity: LOW

CVSS Base Score: 0.0

CVSS Vector:

Affected Products

Vendor: North Grid Corporation

Product: Proself Enterprise/Standard Edition

Exploit Prediction Scoring System (EPSS)

EPSS Score: 23.62% (probability of being exploited)

EPSS Percentile: 96.65% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://www.proself.jp/information/153/
https://jvn.jp/en/jp/JVN95981460/

Timeline

2024-12-03 00:11:35 UTC
CVE

Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and...
2024-12-03 15:20:41 UTC
🚨 Marked as Known Exploited
2024-12-03 15:20:49 UTC
CISA KEV

North Grid Proself Improper Restriction of XML External Entity (XEE) Reference Vulnerability