CVE-2023-5297

Exploit

EPSS 0.07%
Published 29.09.2023 22:15:12
Last modified 21.11.2024 08:41:28
Source cna@vuldb.com
Teams watchlist Login
Open Login

A vulnerability was found in Xinhu RockOA 2.3.2. It has been classified as problematic. This affects the function start of the file task.php?m=sys|runt&a=beifen. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240927.

Affected products Warnungen 0 Metrics 4 CWE 2 References 6

Data is provided by the National Vulnerability Database (NVD)

Rockoa ≫ Rockoa Version2.3.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.22

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cna@vuldb.com	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:P/I:N/A:N

CWE-530 Exposure of Backup File to an Unauthorized Control Sphere

A backup file is stored in a directory or archive that is made accessible to unauthorized actors.

CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

https://github.com/magicwave18/vuldb/issues/2

Exploit

Issue Tracking

https://vuldb.com/?ctiid.240927

Third Party Advisory

Permissions Required

https://vuldb.com/?id.240927

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-5297

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-5297

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-5297

EUVD