CVE-2023-45727
HIGH KEV
Proself Enterprise/Standard Edition <= 5.62, Gateway Edition <= 1.65, Mail Sanitize Edition <= 1.08 - XXE Injection
Title source: llm
Exploitation Summary
CVE-2023-45727 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added December 3, 2024.
Description
Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.
References (3)
Core References
Third Party Advisory: https://jvn.jp/en/jp/JVN95981460/
Vendor Advisory: https://www.proself.jp/information/153/
US Government Resource: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-45727
Scores
CVSS v3: 7.5
EPSS: 0.2105
EPSS Percentile: 95.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: active
Automatable: yes
Technical Impact: partial
Details
CISA KEV: 2024-12-03
VulnCheck KEV: 2024-09-13
InTheWild.io: 2024-12-03
ENISA EUVD: EUVD-2023-50016
CWE: CWE-611
Status: published
Products (3)
northgrid/proself: < 1.09
northgrid/proself: < 1.66
northgrid/proself: < 5.63 (2 CPE variants)
Published: Oct 18, 2023
KEV Added: Dec 03, 2024
Tracked Since: Feb 18, 2026