What is CVE-2023-4595?

CVE-2023-4595 is a vulnerability that allows a remote user to retrieve sensitive information stored on the server.

How does CVE-2023-4595 work?

CVE-2023-4595 works by allowing a remote user to append certain parameters to the end of a file or directory path, which then exposes sensitive information.

What is the severity of CVE-2023-4595?

CVE-2023-4595 has a severity rating of 7.5, which is considered high.

Which software is affected by CVE-2023-4595?

The Seattlelab Slmail software version 5.5.0.4433 is affected by CVE-2023-4595.

How do I fix CVE-2023-4595?

To fix CVE-2023-4595, it is recommended to apply the latest security patches or updates provided by the software vendor.

Vulnerability/
CVE-2023-4595

high

7.5

CWE

538

23/11/2023

2/8/2024

CVE-2023-4595: Insertion of Sensitive Information into Externally-Accessible File or Directory in BVRP Software SLmail

First published: Thu Nov 23 2023(Updated: )

An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca.

Credit: cve-coordination@incibe.es

Affected Software	Affected Version	How to fix
All of
Seattlelab Slmail	=5.5.0.4433
Microsoft Windows

Remedy

There is no reported solution at the moment.

Never miss a vulnerability like this again

Reference Links

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail

Frequently Asked Questions

What is CVE-2023-4595?
CVE-2023-4595 is a vulnerability that allows a remote user to retrieve sensitive information stored on the server.
How does CVE-2023-4595 work?
CVE-2023-4595 works by allowing a remote user to append certain parameters to the end of a file or directory path, which then exposes sensitive information.
What is the severity of CVE-2023-4595?
CVE-2023-4595 has a severity rating of 7.5, which is considered high.
Which software is affected by CVE-2023-4595?
The Seattlelab Slmail software version 5.5.0.4433 is affected by CVE-2023-4595.
How do I fix CVE-2023-4595?
To fix CVE-2023-4595, it is recommended to apply the latest security patches or updates provided by the software vendor.

collector/nvd-api
agent/references
agent/title
agent/severity
agent/weakness
agent/author
agent/tags
agent/event
agent/type
agent/description
agent/remedy
agent/first-publish-date
agent/last-modified-date
agent/softwarecombine
collector/mitre-cve
source/MITRE
vendor/seattlelab
canonical/seattlelab slmail
version/seattlelab slmail/5.5.0.4433
vendor/microsoft
canonical/microsoft windows

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.