We perform regular scans with outpost24 on our own servers and it's been complaining about the exim version used by cpanel since beginning of august (CVE-2022-37452). Are there plans to update the cpanel-exim package?
This vulnerability can be exploited with ease and network access to the system by an attacker who does not have access to credentials with some impact on confidentiality, some impact to the integrity of information and some impact on system or information availability. There are currently no exploits in the public domain. However, attacks may be well described or privately held.
CVSS score 7.5 CVSS V3 6.3 - Medium -
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
This vulnerability can be exploited with ease and network access to the system by an attacker who does not have access to credentials with some impact on confidentiality, some impact to the integrity of information and some impact on system or information availability. There are currently no exploits in the public domain. However, attacks may be well described or privately held.
CVSS score 7.5 CVSS V3 6.3 - Medium -
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Last edited by a moderator:
