exploitDog

CVE-2024-7323

Опубликовано: 02 авг. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Digiwin EasyFlow .NET lacks proper access control for specific functionality, and the functionality do not adequately filter user input. A remote attacker with regular privilege can exploit this vulnerability to download arbitrary files from the remote server .

Ссылки

https://www.twcert.org.tw/en/cp-139-7990-87183-2.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7989-9c4ea-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:digiwin:easyflow_.net:*:*:*:*:*:*:*:*

Версия до 6.6.17 (исключая)

EPSS

Процентиль: 58%

0.00359

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-36

CWE-22

Связанные уязвимости

GHSA-9mv8-jqq2-5m57

CVSS3: 6.5

github

больше 1 года назад

Digiwin EasyFlow .NET lacks proper access control for specific functionality, and the functionality do not adequately filter user input. A remote attacker with regular privilege can exploit this vulnerability to download arbitrary files from the remote server .

EPSS

Процентиль: 58%

0.00359

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-36

CWE-22