CVE-2023-22278
Published 2023-01-17
CVE-2023-22278: m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series) allows a remote unauthenticated attacker to bypass authentication…
Priority: P181 · medium · 5.3 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:L / A:N
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 0.71% (48.7th percentile)
m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series) allow a remote unauthenticated attacker to bypass authentication and send email unintended by users when email is being sent under certain conditions. Attacks exploiting this vulnerability have been observed.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| daj | m-filter | >= 4.0 < 4.87r04 | 4.87r04 |
| daj | m-filter | >= 5.0 < 5.70r01 | 5.70r01 |
| digital_arts_inc | m-filter_ver.5_series_and_ver.4_series | — | — |
CVSS provenance
nvd: v3.1 · 5.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
vulncheck: 5.3 MEDIUM
GHSA
GHSA-722g-wg5c-74m2: m-FILTER prior to Ver
ghsa_unreviewed·2023-01-17
CVE-2023-22278 [MEDIUM] CWE-287 GHSA-722g-wg5c-74m2: m-FILTER prior to Ver
VulnCheck
m-FILTER Email Authentication Bypass Vulnerability
vulncheck·2023·CVSS 5.3
CVE-2023-22278 [MEDIUM] m-FILTER Email Authentication Bypass Vulnerability
Affected: daj m-filter
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://jvn.jp/jp/JVN55675303/
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.