{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T11:03:49.868","vulnerabilities":[{"cve":{"id":"CVE-2023-6381","sourceIdentifier":"cve-coordination@incibe.es","published":"2023-12-13T11:15:07.830","lastModified":"2024-11-21T08:43:44.960","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper input validation vulnerability in Newsletter Software SuperMailer affecting version 11.20.0.2204. An attacker could exploit this vulnerability by sending a malicious configuration file (file with SMB extension) to a user via a link or email attachment and persuade the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to crash the application when attempting to load the malicious file."},{"lang":"es","value":"Vulnerabilidad de validación de entrada incorrecta en Newsletter Software SuperMailer que afecta a la versión 11.20.0.2204. Un atacante podría aprovechar esta vulnerabilidad enviando un archivo de configuración malicioso (archivo con extensión SMB) a un usuario a través de un enlace o un archivo adjunto de correo electrónico y persuadir al usuario para que abra el archivo con el software afectado en el sistema local. Un exploit exitoso podría permitir al atacante bloquear la aplicación al intentar cargar el archivo malicioso."}],"metrics":{"cvssMetricV31":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:supermailer:supermailer:11.20.0.2204:*:*:*:*:*:*:*","matchCriteriaId":"565674D3-43AB-45A0-BB60-375A6C7D7C04"}]}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/improper-input-validation-newsletter-software-supermailer","source":"cve-coordination@incibe.es","tags":["Third Party Advisory"]},{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/improper-input-validation-newsletter-software-supermailer","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}