Vulnerability-Lookup

CVE-2023-45727 (GCVE-0-2023-45727)

Vulnerability from cvelistv5 – Published: 2023-10-18 09:01 – Updated: 2025-10-21 23:05

Summary

Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

XML external entities (XXE)

Assigner

jpcert

References

URL

Tags

	https://www.proself.jp/information/153/
	https://jvn.jp/en/jp/JVN95981460/

Impacted products

Vendor

Product

Version

North Grid Corporation

Proself Enterprise/Standard Edition

Affected: Ver5.62 and earlier

	North Grid Corporation	Proself Gateway Edition	Affected: Ver1.65 and earlier
	North Grid Corporation	Proself Mail Sanitize Edition	Affected: Ver1.08 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:29:32.421Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.proself.jp/information/153/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN95981460/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:northgrid:proself:-:*:*:*:enterprise:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "proself",
            "vendor": "northgrid",
            "versions": [
              {
                "lessThanOrEqual": "5.62",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:northgrid:proself:-:*:*:*:gateway:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "proself",
            "vendor": "northgrid",
            "versions": [
              {
                "lessThanOrEqual": "1.65",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:northgrid:proself:-:*:*:*:standard:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "proself",
            "vendor": "northgrid",
            "versions": [
              {
                "lessThanOrEqual": "5.62",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:northgrid:proself:-:*:*:*:mail_sanitize:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "proself",
            "vendor": "northgrid",
            "versions": [
              {
                "lessThanOrEqual": "1.08",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-45727",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-06T04:55:30.434626Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-12-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-45727"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-611",
                "description": "CWE-611 Improper Restriction of XML External Entity Reference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:34.245Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-45727"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-12-03T00:00:00.000Z",
            "value": "CVE-2023-45727 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Proself Enterprise/Standard Edition",
          "vendor": "North Grid Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver5.62 and earlier"
            }
          ]
        },
        {
          "product": "Proself Gateway Edition",
          "vendor": "North Grid Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver1.65 and earlier"
            }
          ]
        },
        {
          "product": "Proself Mail Sanitize Edition",
          "vendor": "North Grid Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver1.08 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "XML external entities (XXE)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-18T09:01:12.285Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.proself.jp/information/153/"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN95981460/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-45727",
    "datePublished": "2023-10-18T09:01:12.285Z",
    "dateReserved": "2023-10-11T07:32:42.029Z",
    "dateUpdated": "2025-10-21T23:05:34.245Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2023-45727",
      "cwes": "[\"CWE-611\"]",
      "dateAdded": "2024-12-03",
      "dueDate": "2024-12-24",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://www.proself.jp/information/153/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-45727",
      "product": "Proself",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "North Grid Proself Enterprise/Standard, Gateway, and Mail Sanitize contain an improper restriction of XML External Entity (XXE) reference vulnerability, which could allow a remote, unauthenticated attacker to conduct an XXE attack.",
      "vendorProject": "North Grid",
      "vulnerabilityName": "North Grid Proself Improper Restriction of XML External Entity (XXE) Reference Vulnerability"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.proself.jp/information/153/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://jvn.jp/en/jp/JVN95981460/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T20:29:32.421Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-45727\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-06T04:55:30.434626Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2024-12-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-45727\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:northgrid:proself:-:*:*:*:enterprise:*:*:*\"], \"vendor\": \"northgrid\", \"product\": \"proself\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.62\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:northgrid:proself:-:*:*:*:gateway:*:*:*\"], \"vendor\": \"northgrid\", \"product\": \"proself\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.65\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:northgrid:proself:-:*:*:*:standard:*:*:*\"], \"vendor\": \"northgrid\", \"product\": \"proself\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.62\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:northgrid:proself:-:*:*:*:mail_sanitize:*:*:*\"], \"vendor\": \"northgrid\", \"product\": \"proself\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.08\"}], \"defaultStatus\": \"unknown\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-12-03T00:00:00+00:00\", \"value\": \"CVE-2023-45727 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-45727\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-611\", \"description\": \"CWE-611 Improper Restriction of XML External Entity Reference\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-13T15:14:19.772Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"North Grid Corporation\", \"product\": \"Proself Enterprise/Standard Edition\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver5.62 and earlier\"}]}, {\"vendor\": \"North Grid Corporation\", \"product\": \"Proself Gateway Edition\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver1.65 and earlier\"}]}, {\"vendor\": \"North Grid Corporation\", \"product\": \"Proself Mail Sanitize Edition\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver1.08 and earlier\"}]}], \"references\": [{\"url\": \"https://www.proself.jp/information/153/\"}, {\"url\": \"https://jvn.jp/en/jp/JVN95981460/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"XML external entities (XXE)\"}]}], \"providerMetadata\": {\"orgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"shortName\": \"jpcert\", \"dateUpdated\": \"2023-10-18T09:01:12.285Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-45727\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:05:34.245Z\", \"dateReserved\": \"2023-10-11T07:32:42.029Z\", \"assignerOrgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"datePublished\": \"2023-10-18T09:01:12.285Z\", \"assignerShortName\": \"jpcert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2023-45727

Vulnerability from fkie_nvd - Published: 2023-10-18 10:15 - Updated: 2025-10-24 20:48

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN95981460/	Third Party Advisory
vultures@jpcert.or.jp	https://www.proself.jp/information/153/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN95981460/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.proself.jp/information/153/	Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-45727	US Government Resource

Impacted products

Vendor	Product	Version
northgrid	proself	*
northgrid	proself	*
northgrid	proself	*
northgrid	proself	*

JSON

To clipboard

{
  "cisaActionDue": "2024-12-24",
  "cisaExploitAdd": "2024-12-03",
  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "North Grid Proself Improper Restriction of XML External Entity (XXE) Reference Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:northgrid:proself:*:*:*:*:mail_sanitize:*:*:*",
              "matchCriteriaId": "6D6F51B5-6B83-41C4-A1F6-9D10CB601DB5",
              "versionEndExcluding": "1.09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:northgrid:proself:*:*:*:*:gateway:*:*:*",
              "matchCriteriaId": "F1BB1954-50C1-40A8-9F47-415ECBB6259F",
              "versionEndExcluding": "1.66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:northgrid:proself:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "66942ECC-2DB7-4B63-9364-FC7D71722355",
              "versionEndExcluding": "5.63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:northgrid:proself:*:*:*:*:standard:*:*:*",
              "matchCriteriaId": "1ED1659B-802E-4F0F-9CF3-BD1BBED1A27F",
              "versionEndExcluding": "5.63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker."
    },
    {
      "lang": "es",
      "value": "Proself Enterprise/Standard Edition Ver5.62 y anteriores, Proself Gateway Edition Ver1.65 y anteriores, y Proself Mail Sanitize Edition Ver1.08 y anteriores permiten a un atacante remoto no autenticado realizar ataques de entidad externa XML (XXE). Al procesar una solicitud especialmente manipulada que contiene datos XML con formato incorrecto, el atacante puede leer archivos arbitrarios en el servidor que contienen informaci\u00f3n de la cuenta."
    }
  ],
  "id": "CVE-2023-45727",
  "lastModified": "2025-10-24T20:48:10.040",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-10-18T10:15:08.643",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN95981460/"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.proself.jp/information/153/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN95981460/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.proself.jp/information/153/"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-45727"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GSD-2023-45727

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-45727

Aliases

CVE-2023-45727

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-45727",
    "id": "GSD-2023-45727"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-45727"
      ],
      "details": "Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.",
      "id": "GSD-2023-45727",
      "modified": "2023-12-13T01:20:37.996010Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2023-45727",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Proself Enterprise/Standard Edition",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Ver5.62 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Proself Gateway Edition",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Ver1.65 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Proself Mail Sanitize Edition",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Ver1.08 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "North Grid Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "XML external entities (XXE)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.proself.jp/information/153/",
            "refsource": "MISC",
            "url": "https://www.proself.jp/information/153/"
          },
          {
            "name": "https://jvn.jp/en/jp/JVN95981460/",
            "refsource": "MISC",
            "url": "https://jvn.jp/en/jp/JVN95981460/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:northgrid:proself:*:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.63",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:northgrid:proself:*:*:*:*:gateway:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.66",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:northgrid:proself:*:*:*:*:mail_sanitize:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.09",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:northgrid:proself:*:*:*:*:standard:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.63",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2023-45727"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-611"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.proself.jp/information/153/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.proself.jp/information/153/"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN95981460/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/jp/JVN95981460/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-10-25T17:31Z",
      "publishedDate": "2023-10-18T10:15Z"
    }
  }
}

JVNDB-2023-000104

Vulnerability from jvndb - Published: 2023-10-18 18:00 - Updated:2024-05-15 17:08

Severity ?

7.5 (High) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Improper restriction of XML external entity references (XXE) in Proself

Details

Proself provided by North Grid Corporation improperly restricts XML external entity references (XXE) (CWE-611). The developer states that attacks exploiting this vulnerability have been observed. North Grid Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and North Grid Corporation coordinated under the Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN95981460/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-45727
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-45727
	IPA SECURITY ALERTS	https://www.ipa.go.jp/security/security-alert/2023/20231018-jvn.html
	JPCERT-WR	https://www.jpcert.or.jp/at/2023/at230022.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

North Grid Corporation

Proself

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000104.html",
  "dc:date": "2024-05-15T17:08+09:00",
  "dcterms:issued": "2023-10-18T18:00+09:00",
  "dcterms:modified": "2024-05-15T17:08+09:00",
  "description": "Proself provided by North Grid Corporation improperly restricts XML external entity references (XXE) (CWE-611).\r\nThe developer states that attacks exploiting this vulnerability have been observed.\r\n\r\nNorth Grid Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and North Grid Corporation coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000104.html",
  "sec:cpe": {
    "#text": "cpe:/a:northgrid:proself",
    "@product": "Proself",
    "@vendor": "North Grid Corporation",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "7.5",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2023-000104",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN95981460/index.html",
      "@id": "JVN#95981460",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-45727",
      "@id": "CVE-2023-45727",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-45727",
      "@id": "CVE-2023-45727",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/security/security-alert/2023/20231018-jvn.html",
      "@id": "Security Alert for Vulnerability in Proself (JVN#95981460)",
      "@source": "IPA SECURITY ALERTS"
    },
    {
      "#text": "https://www.jpcert.or.jp/at/2023/at230022.html",
      "@id": "JPCERT-AT-2023-0022",
      "@source": "JPCERT-WR"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Improper restriction of XML external entity references (XXE) in Proself"
}

GHSA-M745-JCVJ-8CX6

Vulnerability from github – Published: 2023-10-18 12:30 – Updated: 2025-10-22 00:32

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-45727"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-18T10:15:08Z",
    "severity": "HIGH"
  },
  "details": "Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.",
  "id": "GHSA-m745-jcvj-8cx6",
  "modified": "2025-10-22T00:32:51Z",
  "published": "2023-10-18T12:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45727"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN95981460"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-45727"
    },
    {
      "type": "WEB",
      "url": "https://www.proself.jp/information/153"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2023-45727

Vulnerability from fstec - Published: 17.10.2023

Title

Уязвимость программных продуктов Proself Enterprise/Standard Edition, Proself Gateway Edition и Proself Mail Sanitize Edition, связанная с неверным ограничением XML-ссылок на внешние объекты, позволяющая нарушителю проводить XXE-атаки

Description

Уязвимость программных продуктов Proself Enterprise/Standard Edition, Proself Gateway Edition и Proself Mail Sanitize Edition связана с неверным ограничением XML-ссылок на внешние объекты. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, проводить XXE-атаки

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vendor

Proself

Software Name

Proself Enterprise/Standard Edition, Proself Gateway Edition, Proself Mail Sanitize Edition

Software Version

до 5.62 включительно (Proself Enterprise/Standard Edition), до 1.65 включительно (Proself Gateway Edition), до 1.08 включительно (Proself Mail Sanitize Edition)

Possible Mitigations

Использование рекомендаций производителя: https://www.proself.jp/information/153/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2023-45727 https://jvn.jp/en/jp/JVN95981460/ https://www.proself.jp/information/153/

CWE

CWE-611

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Proself",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 5.62 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Proself Enterprise/Standard Edition), \u0434\u043e 1.65 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Proself Gateway Edition), \u0434\u043e 1.08 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Proself Mail Sanitize Edition)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://www.proself.jp/information/153/",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "17.10.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "25.04.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "25.04.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-04926",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-45727",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Proself Enterprise/Standard Edition, Proself Gateway Edition, Proself Mail Sanitize Edition",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Proself Enterprise/Standard Edition, Proself Gateway Edition \u0438 Proself Mail Sanitize Edition, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435\u043c XML-\u0441\u0441\u044b\u043b\u043e\u043a \u043d\u0430 \u0432\u043d\u0435\u0448\u043d\u0438\u0435 \u043e\u0431\u044a\u0435\u043a\u0442\u044b, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c XXE-\u0430\u0442\u0430\u043a\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u043e\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 XML-\u0441\u0441\u044b\u043b\u043e\u043a \u043d\u0430 \u0432\u043d\u0435\u0448\u043d\u0438\u0435 \u043e\u0431\u044a\u0435\u043a\u0442\u044b (CWE-611)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Proself Enterprise/Standard Edition, Proself Gateway Edition \u0438 Proself Mail Sanitize Edition \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435\u043c XML-\u0441\u0441\u044b\u043b\u043e\u043a \u043d\u0430 \u0432\u043d\u0435\u0448\u043d\u0438\u0435 \u043e\u0431\u044a\u0435\u043a\u0442\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c XXE-\u0430\u0442\u0430\u043a\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2023-45727\nhttps://jvn.jp/en/jp/JVN95981460/\nhttps://www.proself.jp/information/153/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-611",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-45727 (GCVE-0-2023-45727)

FKIE_CVE-2023-45727

GSD-2023-45727

JVNDB-2023-000104

GHSA-M745-JCVJ-8CX6

CVE-2023-45727

Tags

Sightings

Nomenclature