CVE-2023-34209

EPSS 0.08%
Veröffentlicht 17.10.2023 05:15:50
Zuletzt bearbeitet 21.11.2024 08:06:46
Quelle ART@zuso.ai
CVE-Watchlists
Login
Unerledigt
Login

Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Easyuse ≫ Mailhunter Ultimate Version <= 2023

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.239

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
ART@zuso.ai	5	3.1	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

https://zuso.ai/Advisory/ZA-2023-06

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-34209

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-34209

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-34209

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-34209