CVE-2024-4298

Published: Apr 29, 2024Modified: Jan 26, 2026

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: twcert@cert.org.tw (Secondary)

Description

The email search interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands.

Affected (2)

Products: Hgiga: Isherlock

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Hgiga Isherlock	From 4.5 to 4.5-188
Hgiga Isherlock	From 5.5 to 5.5-188

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (6)

https://www.chtsecurity.com/news/4559fabd-43d1-4324-a0b3-f459a05c2290

Source: twcert@cert.org.tw

Third Party Advisory

https://www.chtsecurity.com/news/f67fd9b5-cb7a-42e4-bcb7-cc1c73d1f851

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-7769-0773a-1.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.chtsecurity.com/news/4559fabd-43d1-4324-a0b3-f459a05c2290

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.chtsecurity.com/news/f67fd9b5-cb7a-42e4-bcb7-cc1c73d1f851

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-7769-0773a-1.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.