Published:2023/01/06  Last Updated:2023/01/06

Digital Arts m-FILTER vulnerable to improper authentication


m-FILTER provided by Digital Arts Inc. contains an improper implementation in the authentication process of sending emails.

Products Affected

  • m-FILTER prior to Ver.5.70R01 (Ver.5 Series)
  • m-FILTER prior to Ver.4.87R04 (Ver.4 Series)
The developer states that m-FILTER@Cloud had been affected by this vulnerability as well.


m-FILTER provided by Digital Arts Inc. is an emaill security product.
m-FILTER contains an improper authentication vulnerability (CWE-287) when emails are being sent under certain conditions, and unintended emails may be sent by a remote attacker.

Digital Arts Inc. states that attacks exploiting this vulnerability have been observed.


Exploiting this vulnerability may result in the impacts listed below.

  • The source IP address is blacklisted and emails cannot be sent
  • If the archive function is being used, sent unsolicited emails are archived and the disk space is oppressed


Update the Software
Update to the latest version according to the information provided by the developer.
The developer has released the following versions to fix the vulnerability.

  • m-FILTER Ver.5.70R01 (Ver.5 Series)
  • m-FILTER Ver.4.87R04 (Ver.4 Series)
The issue in m-FILTER@Cloud is already fixed with the update on December 23, 2022.


JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Base Score: 5.3
Attack Vector(AV) Physical (P) Local (L) Adjacent (A) Network (N)
Attack Complexity(AC) High (H) Low (L)
Privileges Required(PR) High (H) Low (L) None (N)
User Interaction(UI) Required (R) None (N)
Scope(S) Unchanged (U) Changed (C)
Confidentiality Impact(C) None (N) Low (L) High (H)
Integrity Impact(I) None (N) Low (L) High (H)
Availability Impact(A) None (N) Low (L) High (H)
Base Score: 4.3
Access Vector(AV) Local (L) Adjacent Network (A) Network (N)
Access Complexity(AC) High (H) Medium (M) Low (L)
Authentication(Au) Multiple (M) Single (S) None (N)
Confidentiality Impact(C) None (N) Partial (P) Complete (C)
Integrity Impact(I) None (N) Partial (P) Complete (C)
Availability Impact(A) None (N) Partial (P) Complete (C)


Digital Arts Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Digital Arts Inc. coordinated under the Information Security Early Warning Partnership.

Other Information

JPCERT Reports
CERT Advisory
CPNI Advisory
CVE CVE-2023-22278
JVN iPedia JVNDB-2023-000002