CVE-2024-3689

EPSS 0.31%
Published 12.04.2024 15:15:26
Last modified 19.09.2025 12:35:12
Source cna@vuldb.com
Teams watchlist Login
Open Login

A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-260478 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected products Warnungen 0 Metrics 4 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Zoneland ≫ O2oa Version <= 2024-04-03

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.31%	0.533

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
cna@vuldb.com	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/Echosssy/CVE

Not Applicable

https://vuldb.com/?ctiid.260478

VDB Entry

Permissions Required

https://vuldb.com/?id.260478

Third Party Advisory

VDB Entry

https://vuldb.com/?submit.309457

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2024-3689

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-3689

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-3689

EUVD