CVE-2020-12782: Openfind MailGates - Command Injection
First published: Tue Jun 23 2020(Updated: )
Openfind MailGates contains a Command Injection flaw, when receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files.
Credit: twcert@cert.org.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Openfind Mailaudit | =5.0 | |
| Openfind MailGates | =5.0 |
Remedy
Update to version 5.2.7.036, or contact with Openfind.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-12782?
CVE-2020-12782 is a Command Injection flaw in Openfind MailGates that allows unauthorized access to system files.
How does CVE-2020-12782 work?
CVE-2020-12782 is triggered when receiving an email with specific strings, allowing malicious code in the mail attachment to gain unauthorized access to system files.
Which software versions are affected by CVE-2020-12782?
Openfind Mailaudit 5.0 and Openfind MailGates 5.0 are affected by CVE-2020-12782.
What is the severity of CVE-2020-12782?
CVE-2020-12782 is classified as critical with a severity rating of 9.8.
How can I fix CVE-2020-12782?
Patch or upgrade Openfind Mailaudit and Openfind MailGates to a version that addresses the Command Injection flaw.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/remedy
- agent/title
- agent/description
- agent/event
- agent/tags
- agent/first-publish-date
- vendor/openfind
- canonical/openfind mailaudit
- version/openfind mailaudit/5.0
- canonical/openfind mailgates
- version/openfind mailgates/5.0