CVE-2022-42136 - Vulnerability Details - OpenCVE

Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Mailenable	Mailenable

Configuration 1 [-]

OR	cpe:2.3:a:mailenable:mailenable:::::enterprise:::*
	cpe:2.3:a:mailenable:mailenable:::::enterprise_premium:::*
	cpe:2.3:a:mailenable:mailenable:::::professional:::*
	cpe:2.3:a:mailenable:mailenable:::::standard:::*
	cpe:2.3:a:mailenable:mailenable:::::enterprise:::*
	cpe:2.3:a:mailenable:mailenable:::::enterprise_premium:::*
	cpe:2.3:a:mailenable:mailenable:::::professional:::*
	cpe:2.3:a:mailenable:mailenable:::::standard:::*
	cpe:2.3:a:mailenable:mailenable:::::enterprise:::*
	cpe:2.3:a:mailenable:mailenable:::::enterprise_premium:::*
	cpe:2.3:a:mailenable:mailenable:::::professional:::*
	cpe:2.3:a:mailenable:mailenable:::::standard:::*

No data.

References

Link	Providers
https://pastebin.com/ahLNMf5n
https://www.mailenable.com/kb/content/article.asp?ID=ME020737

History

Mon, 07 Apr 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-01-13T00:00:00.000Z

Updated: 2025-04-07T18:57:17.268Z

Reserved: 2022-10-03T00:00:00.000Z

Link: CVE-2022-42136

Vulnrichment

Updated: 2024-08-03T13:03:45.370Z

NVD

Status : Modified

Published: 2023-01-13T21:15:15.523

Modified: 2025-04-07T19:15:43.457

Link: CVE-2022-42136

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-42136", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-04-07T18:57:17.268Z", "dateReserved": "2022-10-03T00:00:00.000Z", "datePublished": "2023-01-13T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-01-13T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.mailenable.com/kb/content/article.asp?ID=ME020737"}, {"url": "https://pastebin.com/ahLNMf5n"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:03:45.370Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.mailenable.com/kb/content/article.asp?ID=ME020737", "tags": ["x_transferred"]}, {"url": "https://pastebin.com/ahLNMf5n", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-07T18:56:43.334542Z", "id": "CVE-2022-42136", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-07T18:57:17.268Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.mailenable.com/kb/content/article.asp?ID=ME020737", "tags": ["x_transferred"]}, {"url": "https://pastebin.com/ahLNMf5n", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:03:45.370Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-42136", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-07T18:56:43.334542Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-07T18:57:10.734Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.mailenable.com/kb/content/article.asp?ID=ME020737"}, {"url": "https://pastebin.com/ahLNMf5n"}], "descriptions": [{"lang": "en", "value": "Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-01-13T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-42136", "state": "PUBLISHED", "dateUpdated": "2025-04-07T18:57:17.268Z", "dateReserved": "2022-10-03T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-01-13T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "0BD1DC6B-569B-4A68-A940-8DD7D46B0EC7", "versionEndExcluding": "8.66", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise_premium:*:*:*", "matchCriteriaId": "F00FBB02-0396-48FD-A212-B8AA0EED5EB1", "versionEndExcluding": "8.66", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable:*:*:*:*:professional:*:*:*", "matchCriteriaId": "04012D59-A1A5-4E0D-9D09-B916DF4109C7", "versionEndExcluding": "8.66", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable:*:*:*:*:standard:*:*:*", "matchCriteriaId": "236A06C3-A366-46E8-AA7A-6BB0076B747F", "versionEndExcluding": "8.66", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "FB5FA14B-9800-4944-914B-6F5EC3AFE2D3", "versionEndExcluding": "9.85", "versionStartIncluding": "9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise_premium:*:*:*", "matchCriteriaId": "4335FB0F-3311-4DB4-82F7-A1951FD2972C", "versionEndExcluding": "9.85", "versionStartIncluding": "9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable:*:*:*:*:professional:*:*:*", "matchCriteriaId": "12E681AC-2B1C-4848-A7F3-D32412F971E5", "versionEndExcluding": "9.85", "versionStartIncluding": "9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable:*:*:*:*:standard:*:*:*", "matchCriteriaId": "9DAB75C2-9F57-4E54-80EC-B69147E619D1", "versionEndExcluding": "9.85", "versionStartIncluding": "9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "7BF6CDCE-2212-49CF-ADA1-F066D126B970", "versionEndExcluding": "10.42", "versionStartIncluding": "10.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise_premium:*:*:*", "matchCriteriaId": "DD783D53-EEA4-4DBC-B105-E224E4AE978B", "versionEndExcluding": "10.42", "versionStartIncluding": "10.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable:*:*:*:*:professional:*:*:*", "matchCriteriaId": "DE07E64E-C8C4-40D7-AF5D-54C684CF29C8", "versionEndExcluding": "10.42", "versionStartIncluding": "10.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable:*:*:*:*:standard:*:*:*", "matchCriteriaId": "D2D9F41A-E2A3-495C-90A7-F56104291EDA", "versionEndExcluding": "10.42", "versionStartIncluding": "10.00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands."}, {"lang": "es", "value": "Los usuarios de correo autenticados, en circunstancias espec\u00edficas, pod\u00edan agregar archivos con contenido no desinfectado en carpetas p\u00fablicas a las que el usuario de IIS ten\u00eda permiso para acceder. Esa acci\u00f3n podr\u00eda llevar a un atacante a almacenar c\u00f3digo arbitrario en esos archivos y ejecutar comandos RCE."}], "id": "CVE-2022-42136", "lastModified": "2025-04-07T19:15:43.457", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-01-13T21:15:15.523", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://pastebin.com/ahLNMf5n"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.mailenable.com/kb/content/article.asp?ID=ME020737"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://pastebin.com/ahLNMf5n"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mailenable.com/kb/content/article.asp?ID=ME020737"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}