CVE-2023-45727
published 2023-10-18

CVE-2023-45727: Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier…

Priority P183 · high · 7.5 (CVSS 3.1)
CVSS vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
KEV: CISA Known Exploited Vulnerability, due 2024-12-24
ITW: Exploited in the wild
EPSS: 3.54% (87.8th percentile)
Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.

Affected

6 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| north_grid_corporation | proself_enterprise_standard_edition | | |
| north_grid_corporation | proself_gateway_edition | | |
| north_grid_corporation | proself_mail_sanitize_edition | | |
| northgrid | proself | < 1.09 | 1.09 |
| northgrid | proself | < 1.66 | 1.66 |
| northgrid | proself | < 5.63 | 5.63 |

Detection & IOCs (extracted from sources)

  • Detect unauthenticated HTTP requests containing malformed/crafted XML data targeting Proself endpoints, which may indicate XXE exploitation attempts
  • Monitor for XXE-characteristic payloads (e.g., DOCTYPE/ENTITY declarations referencing local file paths) in requests to Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier
  • Alert on unauthenticated access patterns to Proself services, particularly requests that result in file read operations of account information files on the server
  • Vulnerability affects multiple Proself product lines with distinct version thresholds; ensure version checks cover all three affected editions
  • Exploitation requires no authentication, meaning perimeter controls blocking unauthenticated users are insufficient; the attack surface is fully externally exposed
  • This CVE is listed in CISA KEV with a remediation due date of 2024-12-24, indicating confirmed active exploitation in the wild

CVSS provenance

nvd: v3.1, 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vulncheck: 7.5 HIGH
cisa: 7.5 HIGH