exploitDog

CVE-2024-6737

Опубликовано: 15 июл. 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

The access control in the Electronic Official Document Management System from 2100 TECHNOLOGY is not properly implemented, allowing remote attackers with regular privileges to access the account settings functionality and create an administrator account.

Ссылки

https://www.twcert.org.tw/en/cp-139-7924-85606-2.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7923-46df3-1.html
Third Party Advisory
https://www.twcert.org.tw/en/cp-139-7924-85606-2.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7923-46df3-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:electronic_official_document_management_system_project:electronic_official_document_management_system:*:*:*:*:*:*:*:*

Версия до 5.0.77 (исключая)

EPSS

Процентиль: 57%

0.00353

Низкий

8.8 High

CVSS3

Дефекты

CWE-284

NVD-CWE-Other

Связанные уязвимости

GHSA-h9fq-98cf-cfj2

CVSS3: 8.8

github

больше 1 года назад

The access control in the Electronic Official Document Management System from 2100 TECHNOLOGY is not properly implemented, allowing remote attackers with regular privileges to access the account settings functionality and create an administrator account.

EPSS

Процентиль: 57%

0.00353

Низкий

8.8 High

CVSS3

Дефекты

CWE-284

NVD-CWE-Other