CVE-2024-45438

An issue was discovered in TitanHQ SpamTitan Email Security Gateway 8.00.x before 8.00.101 and 8.01.x before 8.01.14. The file quarantine.php within the SpamTitan interface allows unauthenticated users to trigger account-level actions using a crafted GET request. Notably, when a non-existent email address is provided as part of the email parameter, SpamTitan will automatically create a user record and associate quarantine settings with it - all without requiring authentication.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://docs.titanhq.com/en/13161-spamtitan-release-notes.html
https://seclists.org/fulldisclosure/2025/Sep/15
https://www.seralys.com/research/CVE-2024-45438.txt
https://www.titanhq.com/email-protection/
http://seclists.org/fulldisclosure/2025/Sep/15

Configurations

No configuration.

History

03 Nov 2025, 20:16

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2025/Sep/15 -

Information

Published : 2025-08-21 17:15

Updated : 2025-11-03 20:16

NVD link : CVE-2024-45438

Mitre link : CVE-2024-45438

CVE.ORG link : CVE-2024-45438

JSON object : View

Products Affected

No product.

CWE

CWE-284

Improper Access Control

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2024-45438", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2025-08-21T17:15:29.553", "references": [{"url": "https://docs.titanhq.com/en/13161-spamtitan-release-notes.html", "source": "[email protected]"}, {"url": "https://seclists.org/fulldisclosure/2025/Sep/15", "source": "[email protected]"}, {"url": "https://www.seralys.com/research/CVE-2024-45438.txt", "source": "[email protected]"}, {"url": "https://www.titanhq.com/email-protection/", "source": "[email protected]"}, {"url": "http://seclists.org/fulldisclosure/2025/Sep/15", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in TitanHQ SpamTitan Email Security Gateway 8.00.x before 8.00.101 and 8.01.x before 8.01.14. The file quarantine.php within the SpamTitan interface allows unauthenticated users to trigger account-level actions using a crafted GET request. Notably, when a non-existent email address is provided as part of the email parameter, SpamTitan will automatically create a user record and associate quarantine settings with it - all without requiring authentication."}, {"lang": "es", "value": "Se detect\u00f3 un problema en TitanHQ SpamTitan Email Security Gateway 8.00.x (anterior a 8.00.101) y 8.01.x (anterior a 8.01.14). El archivo quarantine.php de la interfaz de SpamTitan permite a usuarios no autenticados ejecutar acciones a nivel de cuenta mediante una solicitud GET espec\u00edfica. Cabe destacar que, al proporcionar una direcci\u00f3n de correo electr\u00f3nico inexistente como parte del par\u00e1metro de correo electr\u00f3nico, SpamTitan crear\u00e1 autom\u00e1ticamente un registro de usuario y le asociar\u00e1 la configuraci\u00f3n de cuarentena, todo ello sin necesidad de autenticaci\u00f3n."}], "lastModified": "2025-11-03T20:16:30.433", "sourceIdentifier": "[email protected]"}