Directory traversal vulnerability exists in A.K.I Software's PMailServer/PMailServer2 products' CGIs included in Internal Simple Webserver. If this vulnerability is exploited, a remote attacker may access arbitrary files outside DocumentRoot.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Vendors Products
Aki
  • Pmman.exe\/enterprise Edition\/
  • Pmman.exe\/pro Edition\/
  • Pmman.exe\/pro Plus Imap4 Edition\/
  • Pmman.exe\/standard Edition\/
  • Pmman.exe\/standard Plus Imap4 Edition

No data.

No data.

References
Link Providers
https://akisoftware.com/Vulnerability202301.html cve-icon cve-icon
https://jvn.jp/en/jp/JVN92720882/ cve-icon cve-icon
History

Tue, 18 Mar 2025 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Aki
Aki pmman.exe\/enterprise Edition\/
Aki pmman.exe\/pro Edition\/
Aki pmman.exe\/pro Plus Imap4 Edition\/
Aki pmman.exe\/standard Edition\/
Aki pmman.exe\/standard Plus Imap4 Edition
Weaknesses CWE-22
CPEs cpe:2.3:a:aki:pmman.exe\/enterprise_edition\/:*:*:*:*:*:*:*:*
cpe:2.3:a:aki:pmman.exe\/pro_edition\/:*:*:*:*:*:*:*:*
cpe:2.3:a:aki:pmman.exe\/pro_plus_imap4_edition\/:*:*:*:*:*:*:*:*
cpe:2.3:a:aki:pmman.exe\/standard_edition\/:*:*:*:*:*:*:*:*
cpe:2.3:a:aki:pmman.exe\/standard_plus_imap4_edition:*:*:*:*:*:*:*:*
Vendors & Products Aki
Aki pmman.exe\/enterprise Edition\/
Aki pmman.exe\/pro Edition\/
Aki pmman.exe\/pro Plus Imap4 Edition\/
Aki pmman.exe\/standard Edition\/
Aki pmman.exe\/standard Plus Imap4 Edition
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2025-03-18T19:08:32.049Z

Reserved: 2023-08-29T05:55:03.449Z

Link: CVE-2023-40747

cve-icon Vulnrichment

Updated: 2024-08-02T18:46:10.362Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-03-18T01:15:48.440

Modified: 2025-03-18T20:15:20.477

Link: CVE-2023-40747

cve-icon Redhat

No data.