Sign-up

ID

VAR-202208-1958


CVE

CVE-2022-37242


TITLE

MDaemon Technologies  of  security gateway for email servers  Injection vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-015716

DESCRIPTION

MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulnerable to HTTP Response splitting via the data parameter. MDaemon Technologies of security gateway for email servers There is an injection vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-37242 // JVNDB: JVNDB-2022-015716 // VULHUB: VHN-427849

AFFECTED PRODUCTS

vendor:altnmodel:security gateway for email serversscope:eqversion:8.5.2

Trust: 1.0

vendor:mdaemonmodel:security gateway for email serversscope:eqversion: -

Trust: 0.8

vendor:mdaemonmodel:security gateway for email serversscope:eqversion:8.5.2

Trust: 0.8

vendor:mdaemonmodel:security gateway for email serversscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-015716 // NVD: CVE-2022-37242

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-37242
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-37242
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202208-3875
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2022-37242
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-37242
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-015716 // CNNVD: CNNVD-202208-3875 // NVD: CVE-2022-37242

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.0

problemtype:injection (CWE-74) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-015716 // NVD: CVE-2022-37242

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-3875

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202208-3875

PATCH

title:Alt-N MDaemon Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=206059

Trust: 0.6

sources: CNNVD: CNNVD-202208-3875

EXTERNAL IDS

db:NVDid:CVE-2022-37242

Trust: 3.3

db:JVNDBid:JVNDB-2022-015716

Trust: 0.8

db:CNNVDid:CNNVD-202208-3875

Trust: 0.6

db:VULHUBid:VHN-427849

Trust: 0.1

sources: VULHUB: VHN-427849 // JVNDB: JVNDB-2022-015716 // CNNVD: CNNVD-202208-3875 // NVD: CVE-2022-37242

REFERENCES

url:https://files.mdaemon.com/securitygateway/release/relnotes_en.htm

Trust: 2.5

url:https://gtn.com.np/wp-content/uploads/2022/07/http-response-splitting-through-data-parameter.pdf

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-37242

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-37242/

Trust: 0.6

sources: VULHUB: VHN-427849 // JVNDB: JVNDB-2022-015716 // CNNVD: CNNVD-202208-3875 // NVD: CVE-2022-37242

SOURCES

db:VULHUBid:VHN-427849
db:JVNDBid:JVNDB-2022-015716
db:CNNVDid:CNNVD-202208-3875
db:NVDid:CVE-2022-37242

LAST UPDATE DATE

2024-08-14T15:11:17.635000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-427849date:2022-08-29T00:00:00
db:JVNDBid:JVNDB-2022-015716date:2023-09-28T08:07:00
db:CNNVDid:CNNVD-202208-3875date:2022-08-30T00:00:00
db:NVDid:CVE-2022-37242date:2023-08-08T14:21:49.707

SOURCES RELEASE DATE

db:VULHUBid:VHN-427849date:2022-08-25T00:00:00
db:JVNDBid:JVNDB-2022-015716date:2023-09-28T00:00:00
db:CNNVDid:CNNVD-202208-3875date:2022-08-25T00:00:00
db:NVDid:CVE-2022-37242date:2022-08-25T15:15:09.953