CVE-2020-25848
Severity: CRITICAL
WAF: Low
CVSS 9.8
Published: 2020-12-31
CWE-287
HGiga MailSherlock contains a weak authentication flaw: attackers can remotely gain privileges through the default password generation mechanism.
WAF Coverage Analysis
Improper Authentication
Low WAF Coverage
OWASP: A07:2021 Identification and Authentication Failures
Affected Software
| Vendor | Product | Version |
|---|---|---|
| hgiga | msr45_isherlock-antispam | up to 4.5-130 |
| hgiga | msr45_isherlock-audit | up to 4.5-143 |
| hgiga | msr45_isherlock-base | up to 4.5-243 |
| hgiga | msr45_isherlock-user | up to 4.5-114 |
| hgiga | msr45_isherlock-useradmin | up to 4.5-122 |
| hgiga | ssr45_isherlock-antispam | up to 4.5-130 |
| hgiga | ssr45_isherlock-audit | up to 4.5-143 |
| hgiga | ssr45_isherlock-base | up to 4.5-243 |
| hgiga | ssr45_isherlock-user | up to 4.5-114 |
| hgiga | ssr45_isherlock-useradmin | up to 4.5-112 |
References
- www.twcert.org.tw (Third Party Advisory)