9.8
CVE-2023-37286
- EPSS 1.35%
- Veröffentlicht 10.07.2023 02:15:45
- Zuletzt bearbeitet 21.11.2024 08:11:24
- Quelle twcert@cert.org.tw
- CVE-Watchlists
- Unerledigt
LoginSmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code and disrupt service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Smartsoft ≫ Smartbpm.Net Version6.70
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.35% | 0.796 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| twcert@cert.org.tw | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.