Arbitrary Code Execution Vulnerability in Authenticated Mail Users' File Uploads to Public Folders
CVE-2022-42136 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands.
Learn more about our Cis Benchmark Audit For Microsoft Iis.