cbcvebase.
CVE-2023-22278
published 2023-01-17

CVE-2023-22278: m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series) allows a remote unauthenticated attacker to bypass authentication…

PriorityP181medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.71%
48.7th percentile
m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series) allows a remote unauthenticated attacker to bypass authentication and send users' unintended email when email is being sent under the certain conditions. The attacks exploiting this vulnerability have been observed.

Affected

3 ranges
VendorProductVersion rangeFixed in
dajm-filter>= 4.0 < 4.87r044.87r04
dajm-filter>= 5.0 < 5.70r015.70r01
digital_arts_incm-filter_ver.5_series_and_ver.4_series

CVSS provenance

nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
vulncheck5.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.