9.1

CVE-2023-37287

EPSS 0.16%
Veröffentlicht 10.07.2023 02:15:45
Zuletzt bearbeitet 21.11.2024 08:11:24
Quelle twcert@cert.org.tw
CVE-Watchlists
Login
Unerledigt
Login

SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Smartsoft ≫ Smartbpm.Net Version6.70

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.374

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
twcert@cert.org.tw	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://www.twcert.org.tw/tw/cp-132-7222-cdfd0-1.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-37287

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-37287

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-37287

EUVD