CVE-2022-34924

Опубликовано: 02 авг. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Lanling OA Landray Office Automation (OA) internal patch number #133383/#137780 contains an arbitrary file read vulnerability via the component /sys/ui/extend/varkind/custom.jsp.

Ссылки

https://codeantenna.com/a/DXQfemaZEH
Exploit
Third Party Advisory
https://developpaper.com/lanling-oa-foreground-arbitrary-file-reading-vulnerability-exploitation/
Exploit
Third Party Advisory
https://codeantenna.com/a/DXQfemaZEH
Exploit
Third Party Advisory
https://developpaper.com/lanling-oa-foreground-arbitrary-file-reading-vulnerability-exploitation/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:landray:landray_office_automation:-:*:*:*:*:*:*:*

EPSS

Процентиль: 35%

0.00148

Низкий

7.5 High

CVSS3

Дефекты

CWE-312

Связанные уязвимости

GHSA-5r46-4f86-pmc5