Unrated severityNVD Advisory· Published Nov 23, 2023· Updated Aug 2, 2024

Insertion of Sensitive Information into Externally-Accessible File or Directory in BVRP Software SLmail

CVE-2023-4595

Description

An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca.

Affected products

Bvrp Software/Slmailv5
Range: 5.5.0.4433

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmailmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000