CVE-2024-3689

EPSS 0.31%
Veröffentlicht 12.04.2024 15:15:26
Zuletzt bearbeitet 19.09.2025 12:35:12
Quelle cna@vuldb.com
Teams Watchlist Login
Unerledigt Login

A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-260478 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zoneland ≫ O2oa Version <= 2024-04-03

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.31%	0.533

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
cna@vuldb.com	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/Echosssy/CVE

Not Applicable

https://vuldb.com/?ctiid.260478

VDB Entry

Permissions Required

https://vuldb.com/?id.260478

Third Party Advisory

VDB Entry

https://vuldb.com/?submit.309457

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2024-3689

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-3689

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-3689

EUVD