Unrated severityNVD Advisory· Published May 27, 2024· Updated Aug 1, 2024

Openfind Mail2000 - OS Command Injection

CVE-2024-5399

Description

Openfind Mail2000 does not properly filter parameters of specific API. Remote attackers with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the remote server.

Affected products

Openfind/Mail2000llm-fuzzy3 versions
(expand)+ 2 more
- (no CPE)
- (no CPE)range: Patch 55
- (no CPE)range: earlier

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.twcert.org.tw/tw/cp-132-7817-6ce29-1.htmlmitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000