CVE-2022-42136 (GCVE-0-2022-42136)
Vulnerability from cvelistv5 – Published: 2023-01-13 00:00 – Updated: 2025-04-07 18:57
Summary
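Authenticated mail users could, under specific circumstances, add files with unsanitized content to public folders that the IIS user had permission to access. This could allow an attacker to store arbitrary code in those files and achieve remote code execution (RCE). The CNA record lists vendor and product as n/a; the NVD configuration data reproduced below identifies the affected product as MailEnable (Standard, Professional, Enterprise and Enterprise Premium editions) in versions before 8.66, from 9.0 up to but excluding 9.85, and from 10.00 up to but excluding 10.42.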
Severity ?
8.8 (High)
CWE
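- n/a (CNA record; the CISA-ADP container and the NVD data below classify this as CWE-22, Path Traversal)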
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:03:45.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.mailenable.com/kb/content/article.asp?ID=ME020737"
},
{
"tags": [
"x_transferred"
],
"url": "https://pastebin.com/ahLNMf5n"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-42136",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T18:56:43.334542Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T18:57:17.268Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-13T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.mailenable.com/kb/content/article.asp?ID=ME020737"
},
{
"url": "https://pastebin.com/ahLNMf5n"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42136",
"datePublished": "2023-01-13T00:00:00.000Z",
"dateReserved": "2022-10-03T00:00:00.000Z",
"dateUpdated": "2025-04-07T18:57:17.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise:*:*:*\", \"versionEndExcluding\": \"8.66\", \"matchCriteriaId\": \"0BD1DC6B-569B-4A68-A940-8DD7D46B0EC7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise_premium:*:*:*\", \"versionEndExcluding\": \"8.66\", \"matchCriteriaId\": \"F00FBB02-0396-48FD-A212-B8AA0EED5EB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mailenable:mailenable:*:*:*:*:professional:*:*:*\", \"versionEndExcluding\": \"8.66\", \"matchCriteriaId\": \"04012D59-A1A5-4E0D-9D09-B916DF4109C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mailenable:mailenable:*:*:*:*:standard:*:*:*\", \"versionEndExcluding\": \"8.66\", \"matchCriteriaId\": \"236A06C3-A366-46E8-AA7A-6BB0076B747F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise:*:*:*\", \"versionStartIncluding\": \"9.0\", \"versionEndExcluding\": \"9.85\", \"matchCriteriaId\": \"FB5FA14B-9800-4944-914B-6F5EC3AFE2D3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise_premium:*:*:*\", \"versionStartIncluding\": \"9.0\", \"versionEndExcluding\": \"9.85\", \"matchCriteriaId\": \"4335FB0F-3311-4DB4-82F7-A1951FD2972C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mailenable:mailenable:*:*:*:*:professional:*:*:*\", \"versionStartIncluding\": \"9.0\", \"versionEndExcluding\": \"9.85\", \"matchCriteriaId\": \"12E681AC-2B1C-4848-A7F3-D32412F971E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mailenable:mailenable:*:*:*:*:standard:*:*:*\", \"versionStartIncluding\": \"9.0\", \"versionEndExcluding\": \"9.85\", \"matchCriteriaId\": \"9DAB75C2-9F57-4E54-80EC-B69147E619D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise:*:*:*\", \"versionStartIncluding\": \"10.00\", \"versionEndExcluding\": 
\"10.42\", \"matchCriteriaId\": \"7BF6CDCE-2212-49CF-ADA1-F066D126B970\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise_premium:*:*:*\", \"versionStartIncluding\": \"10.00\", \"versionEndExcluding\": \"10.42\", \"matchCriteriaId\": \"DD783D53-EEA4-4DBC-B105-E224E4AE978B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mailenable:mailenable:*:*:*:*:professional:*:*:*\", \"versionStartIncluding\": \"10.00\", \"versionEndExcluding\": \"10.42\", \"matchCriteriaId\": \"DE07E64E-C8C4-40D7-AF5D-54C684CF29C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mailenable:mailenable:*:*:*:*:standard:*:*:*\", \"versionStartIncluding\": \"10.00\", \"versionEndExcluding\": \"10.42\", \"matchCriteriaId\": \"D2D9F41A-E2A3-495C-90A7-F56104291EDA\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands.\"}, {\"lang\": \"es\", \"value\": \"Los usuarios de correo autenticados, en circunstancias espec\\u00edficas, pod\\u00edan agregar archivos con contenido no desinfectado en carpetas p\\u00fablicas a las que el usuario de IIS ten\\u00eda permiso para acceder. Esa acci\\u00f3n podr\\u00eda llevar a un atacante a almacenar c\\u00f3digo arbitrario en esos archivos y ejecutar comandos RCE.\"}]",
"id": "CVE-2022-42136",
"lastModified": "2024-11-21T07:24:26.187",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
"published": "2023-01-13T21:15:15.523",
"references": "[{\"url\": \"https://pastebin.com/ahLNMf5n\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mailenable.com/kb/content/article.asp?ID=ME020737\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://pastebin.com/ahLNMf5n\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mailenable.com/kb/content/article.asp?ID=ME020737\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-42136\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-01-13T21:15:15.523\",\"lastModified\":\"2025-04-07T19:15:43.457\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands.\"},{\"lang\":\"es\",\"value\":\"Los usuarios de correo autenticados, en circunstancias espec\u00edficas, pod\u00edan agregar archivos con contenido no depurado en carpetas p\u00fablicas a las que el usuario de IIS ten\u00eda permiso para acceder. Esa acci\u00f3n podr\u00eda llevar a un atacante a almacenar c\u00f3digo arbitrario en esos archivos y ejecutar comandos RCE.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description
\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise:*:*:*\",\"versionEndExcluding\":\"8.66\",\"matchCriteriaId\":\"0BD1DC6B-569B-4A68-A940-8DD7D46B0EC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise_premium:*:*:*\",\"versionEndExcluding\":\"8.66\",\"matchCriteriaId\":\"F00FBB02-0396-48FD-A212-B8AA0EED5EB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mailenable:mailenable:*:*:*:*:professional:*:*:*\",\"versionEndExcluding\":\"8.66\",\"matchCriteriaId\":\"04012D59-A1A5-4E0D-9D09-B916DF4109C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mailenable:mailenable:*:*:*:*:standard:*:*:*\",\"versionEndExcluding\":\"8.66\",\"matchCriteriaId\":\"236A06C3-A366-46E8-AA7A-6BB0076B747F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"9.0\",\"versionEndExcluding\":\"9.85\",\"matchCriteriaId\":\"FB5FA14B-9800-4944-914B-6F5EC3AFE2D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise_premium:*:*:*\",\"versionStartIncluding\":\"9.0\",\"versionEndExcluding\":\"9.85\",\"matchCriteriaId\":\"4335FB0F-3311-4DB4-82F7-A1951FD2972C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mailenable:mailenable:*:*:*:*:professional:*:*:*\",\"versionStartIncluding\":\"9.0\",\"versionEndExcluding\":\"9.85\",\"matchCriteriaId\":\"12E681AC-2B1C-4848-A7F3-D32412F971E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mailenable:mailenable:*:*:*:*:standard:*:*:*\",\"versionStartIncluding\":\"9.0\",\"versionEndExcluding\":\"9.85\",\"matchCriteriaId\":\"9DAB75C2-9F57-4E54-80EC-B69147E619D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mailenable:mailena
ble:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"10.00\",\"versionEndExcluding\":\"10.42\",\"matchCriteriaId\":\"7BF6CDCE-2212-49CF-ADA1-F066D126B970\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise_premium:*:*:*\",\"versionStartIncluding\":\"10.00\",\"versionEndExcluding\":\"10.42\",\"matchCriteriaId\":\"DD783D53-EEA4-4DBC-B105-E224E4AE978B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mailenable:mailenable:*:*:*:*:professional:*:*:*\",\"versionStartIncluding\":\"10.00\",\"versionEndExcluding\":\"10.42\",\"matchCriteriaId\":\"DE07E64E-C8C4-40D7-AF5D-54C684CF29C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mailenable:mailenable:*:*:*:*:standard:*:*:*\",\"versionStartIncluding\":\"10.00\",\"versionEndExcluding\":\"10.42\",\"matchCriteriaId\":\"D2D9F41A-E2A3-495C-90A7-F56104291EDA\"}]}]}],\"references\":[{\"url\":\"https://pastebin.com/ahLNMf5n\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mailenable.com/kb/content/article.asp?ID=ME020737\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://pastebin.com/ahLNMf5n\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mailenable.com/kb/content/article.asp?ID=ME020737\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.mailenable.com/kb/content/article.asp?ID=ME020737\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://pastebin.com/ahLNMf5n\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T13:03:45.370Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-42136\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-07T18:56:43.334542Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-07T18:57:10.734Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://www.mailenable.com/kb/content/article.asp?ID=ME020737\"}, {\"url\": \"https://pastebin.com/ahLNMf5n\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where 
the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2023-01-13T00:00:00.000Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-42136\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-07T18:57:17.268Z\", \"dateReserved\": \"2022-10-03T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2023-01-13T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.