CVE-2019-9883
Last modified
CVE-2019-9883 is a vulnerability of currently unknown severity. Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cf_new.cgi?chief=&wk_group=full&cf_name=test&cf_account=test&cf_email=&cf_acl=Management&apply_lang=&dn= without any authorizes.. EPSS estimates a 0.67% chance of exploitation in the next 30 days.
Description
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cf_new.cgi?chief=&wk_group=full&cf_name=test&cf_account=test&cf_email=&cf_acl=Management&apply_lang=&dn= without any authorizes.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Hgiga | Msr35 Isherlock-Base | < 1.5.328 |
| Hgiga | Msr35 Isherlock-Sysinfo | < 1.5.196 |
| Hgiga | Msr35 Isherlock-User | < 1.5.127 |
| Hgiga | Msr35 Isherlock-Useradmin | < 1.5.239 |
| Hgiga | Msr45 Isherlock-Base | < 4.5-206 |
| Hgiga | Msr45 Isherlock-Sysinfo | < 4.5-109 |
| Hgiga | Msr45 Isherlock-User | < 4.5-81 |
| Hgiga | Msr45 Isherlock-Useradmin | < 4.5-106 |
References
- http://surl.twcert.org.tw/mChNiExploit, Third Party Advisory
- https://tvn.twcert.org.tw/taiwanvn/TVN-201904003Exploit, Third Party Advisory
- http://surl.twcert.org.tw/mChNiExploit, Third Party Advisory
- https://tvn.twcert.org.tw/taiwanvn/TVN-201904003Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-9883?
How severe is CVE-2019-9883?
How do I fix CVE-2019-9883?
Are you affected by CVE-2019-9883?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST