CVE-2023-22278 (GCVE-0-2023-22278)
Vulnerability from cvelistv5 – Published: 2023-01-17 00:00 – Updated: 2025-04-04 18:38
VLAI
Summary
m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series) allows a remote unauthenticated attacker to bypass authentication and send users' unintended email when email is being sent under the certain conditions. The attacks exploiting this vulnerability have been observed.
Severity
5.3 (Medium)
CWE
- Authentication bypass
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Digital Arts Inc. | m-FILTER Ver.5 Series and Ver.4 Series |
Affected:
m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN55675303/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-22278",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T18:38:12.014782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T18:38:15.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "m-FILTER Ver.5 Series and Ver.4 Series",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series) allows a remote unauthenticated attacker to bypass authentication and send users\u0027 unintended email when email is being sent under the certain conditions. The attacks exploiting this vulnerability have been observed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN55675303/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22278",
"datePublished": "2023-01-17T00:00:00.000Z",
"dateReserved": "2022-12-28T00:00:00.000Z",
"dateUpdated": "2025-04-04T18:38:15.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-22278",
"date": "2026-05-31",
"epss": "0.00492",
"percentile": "0.65907"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:daj:m-filter:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.0\", \"versionEndExcluding\": \"4.87r04\", \"matchCriteriaId\": \"62BED9AC-FCB9-4A5F-9751-A6DA42A32F2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:daj:m-filter:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.0\", \"versionEndExcluding\": \"5.70r01\", \"matchCriteriaId\": \"BC5965A1-EAE3-44FA-A2A2-DB76A534091C\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series) allows a remote unauthenticated attacker to bypass authentication and send users\u0027 unintended email when email is being sent under the certain conditions. The attacks exploiting this vulnerability have been observed.\"}, {\"lang\": \"es\", \"value\": \"m-FILTER anterior a la versi\\u00f3n 5.70R01 (serie Ver.5) y m-FILTER anterior a la versi\\u00f3n 4.87R04 (serie Ver.4) permite a un atacante remoto no autenticado eludir la autenticaci\\u00f3n y enviar correos electr\\u00f3nicos no deseados a los usuarios cuando se env\\u00edan correos electr\\u00f3nicos bajo ciertas condiciones. Se han observado ataques que aprovechan esta vulnerabilidad.\"}]",
"id": "CVE-2023-22278",
"lastModified": "2024-11-21T07:44:26.783",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}]}",
"published": "2023-01-17T10:15:11.333",
"references": "[{\"url\": \"https://jvn.jp/en/jp/JVN55675303/index.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://jvn.jp/en/jp/JVN55675303/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-22278\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2023-01-17T10:15:11.333\",\"lastModified\":\"2025-04-04T19:15:45.007\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series) allows a remote unauthenticated attacker to bypass authentication and send users\u0027 unintended email when email is being sent under the certain conditions. The attacks exploiting this vulnerability have been observed.\"},{\"lang\":\"es\",\"value\":\"m-FILTER anterior a la versi\u00f3n 5.70R01 (serie Ver.5) y m-FILTER anterior a la versi\u00f3n 4.87R04 (serie Ver.4) permite a un atacante remoto no autenticado eludir la autenticaci\u00f3n y enviar correos electr\u00f3nicos no deseados a los usuarios cuando se env\u00edan correos electr\u00f3nicos bajo ciertas condiciones. Se han observado ataques que aprovechan esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:daj:m-filter:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0\",\"versionEndExcluding\":\"4.87r04\",\"matchCriteriaId\":\"62BED9AC-FCB9-4A5F-9751-A6DA42A32F2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:daj:m-filter:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0\",\"versionEndExcluding\":\"5.70r01\",\"matchCriteriaId\":\"BC5965A1-EAE3-44FA-A2A2-DB76A534091C\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/en/jp/JVN55675303/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN55675303/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://jvn.jp/en/jp/JVN55675303/index.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T10:07:05.433Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-22278\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-04T18:38:12.014782Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287 Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-04T18:38:07.276Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Digital Arts Inc.\", \"product\": \"m-FILTER Ver.5 Series and Ver.4 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series)\"}]}], \"references\": [{\"url\": \"https://jvn.jp/en/jp/JVN55675303/index.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series) allows a remote unauthenticated attacker to bypass authentication and send users\u0027 unintended email when email is being sent under the certain conditions. The attacks exploiting this vulnerability have been observed.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Authentication bypass\"}]}], \"providerMetadata\": {\"orgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"shortName\": \"jpcert\", \"dateUpdated\": \"2023-01-17T00:00:00.000Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-22278\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-04T18:38:15.728Z\", \"dateReserved\": \"2022-12-28T00:00:00.000Z\", \"assignerOrgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"datePublished\": \"2023-01-17T00:00:00.000Z\", \"assignerShortName\": \"jpcert\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…