Vulnerability Details CVE-2020-25849
MailGates and MailAudit products contain a command injection flaw that can be used to inject and execute system commands through the CGI parameter after attackers obtain the user's access token.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.03
EPSS Ranking 86.0%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
Products affected by CVE-2020-25849
- cpe:2.3:a:openfind:mailaudit:4.0
- cpe:2.3:a:openfind:mailaudit:5.0
- cpe:2.3:a:openfind:mailgates:4.0
- cpe:2.3:a:openfind:mailgates:5.0