CVE-2024-5399

{"id": "CVE-2024-5399", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-05-27T04:15:09.300", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7817-6ce29-1.html", "tags": ["Vendor Advisory"], "source": "twcert@cert.org.tw"}, {"url": "https://www.twcert.org.tw/tw/cp-132-7817-6ce29-1.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Openfind Mail2000 does not properly filter parameters of specific API. Remote attackers with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the remote server."}, {"lang": "es", "value": "Openfind Mail2000 no filtra correctamente los par\u00e1metros de una API espec\u00edfica. Los atacantes remotos con privilegios administrativos pueden aprovechar esta vulnerabilidad para ejecutar comandos arbitrarios del sistema en el servidor remoto."}], "lastModified": "2026-01-26T13:49:40.630", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openfind:mail2000:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1762976A-2372-49D5-BD94-77F8C0C86DC2"}, {"criteria": "cpe:2.3:a:openfind:mail2000:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC17A2D8-B006-4738-A6CB-F6B277460B6B"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}