CVE-2024-5670
CRITICAL
Softnext Mail SQR Expert and Mail Archiving Expert - Unauthenticated OS Command Injection
Title source: llm
Description
The web services of Softnext's products, Mail SQR Expert and Mail Archiving Expert, do not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the remote server.
References (2)
Core References
Third Party Advisory vendor-advisory
https://www.twcert.org.tw/tw/cp-132-7958-817f4-1.html
Third Party Advisory vendor-advisory
https://www.twcert.org.tw/en/cp-139-7959-09d0e-2.html
Scores
CVSS v3
9.8
EPSS
0.0090
EPSS Percentile
54.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (3)
softnext/sn_os
10.3
softnext/sn_os
12.1
softnext/sn_os
12.3
Published
Jul 29, 2024
Tracked Since
Feb 18, 2026