CVE-2024-6737
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The access control in the Electronic Official Document Management System from 2100 TECHNOLOGY is not properly implemented, allowing remote attackers with regular privileges to access the account settings functionality and create an administrator account.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| 2100 TECHNOLOGY | Electronic Official Document Management System | all < 5.0.77 | affected |
Weaknesses
- CWE-284: CWE-284: Improper Access Control
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- https://www.twcert.org.tw/tw/cp-132-7923-46df3-1.html
- https://www.twcert.org.tw/en/cp-139-7924-85606-2.html
References
- https://www.twcert.org.tw/tw/cp-132-7923-46df3-1.html
- https://www.twcert.org.tw/en/cp-139-7924-85606-2.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.