Sign-up

ID

VAR-202208-1807


CVE

CVE-2022-37240


TITLE

MDaemon Technologies  of  security gateway for email servers  Injection vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-015717

DESCRIPTION

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter. MDaemon Technologies of security gateway for email servers There is an injection vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-37240 // JVNDB: JVNDB-2022-015717 // VULHUB: VHN-427851

AFFECTED PRODUCTS

vendor:altnmodel:security gateway for email serversscope:eqversion:8.5.2

Trust: 1.0

vendor:mdaemonmodel:security gateway for email serversscope:eqversion: -

Trust: 0.8

vendor:mdaemonmodel:security gateway for email serversscope:eqversion:8.5.2

Trust: 0.8

vendor:mdaemonmodel:security gateway for email serversscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-015717 // NVD: CVE-2022-37240

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-37240
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-37240
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202208-3871
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2022-37240
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-37240
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-015717 // CNNVD: CNNVD-202208-3871 // NVD: CVE-2022-37240

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.0

problemtype:injection (CWE-74) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-015717 // NVD: CVE-2022-37240

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-3871

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202208-3871

PATCH

title:Alt-N MDaemon Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=206056

Trust: 0.6

sources: CNNVD: CNNVD-202208-3871

EXTERNAL IDS

db:NVDid:CVE-2022-37240

Trust: 3.3

db:JVNDBid:JVNDB-2022-015717

Trust: 0.8

db:CNNVDid:CNNVD-202208-3871

Trust: 0.6

db:VULHUBid:VHN-427851

Trust: 0.1

sources: VULHUB: VHN-427851 // JVNDB: JVNDB-2022-015717 // CNNVD: CNNVD-202208-3871 // NVD: CVE-2022-37240

REFERENCES

url:https://files.mdaemon.com/securitygateway/release/relnotes_en.htm

Trust: 2.5

url:https://gtn.com.np/wp-content/uploads/2022/07/http-response-splitting-through-format-parameter.pdf

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-37240

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-37240/

Trust: 0.6

sources: VULHUB: VHN-427851 // JVNDB: JVNDB-2022-015717 // CNNVD: CNNVD-202208-3871 // NVD: CVE-2022-37240

SOURCES

db:VULHUBid:VHN-427851
db:JVNDBid:JVNDB-2022-015717
db:CNNVDid:CNNVD-202208-3871
db:NVDid:CVE-2022-37240

LAST UPDATE DATE

2024-08-14T15:37:27.819000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-427851date:2022-08-29T00:00:00
db:JVNDBid:JVNDB-2022-015717date:2023-09-28T08:07:00
db:CNNVDid:CNNVD-202208-3871date:2022-08-30T00:00:00
db:NVDid:CVE-2022-37240date:2023-08-08T14:21:49.707

SOURCES RELEASE DATE

db:VULHUBid:VHN-427851date:2022-08-25T00:00:00
db:JVNDBid:JVNDB-2022-015717date:2023-09-28T00:00:00
db:CNNVDid:CNNVD-202208-3871date:2022-08-25T00:00:00
db:NVDid:CVE-2022-37240date:2022-08-25T15:15:09.867