7.5

CVE-2023-2766

Exploit

Weaver OA jx2_config.ini file access

A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229271. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WeaverE-office Version9.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 54.23% 0.989
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cna@vuldb.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

https://github.com/8079048q/cve/blob/main/weaveroa.md
Third Party Advisory
Exploit
https://vuldb.com/?ctiid.229271
Third Party Advisory
VDB Entry
Permissions Required
https://vuldb.com/?id.229271
Third Party Advisory
VDB Entry
Permissions Required