CVE-2022-47076
CVE-2022-47076
Vexday Risk Score
41Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS 7.5EPSS 6.2%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Lifecycle
28 Feb 2023Published on NVD
22 Jun 2023Public PoC
Weaponization speed
114 daysto first PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to view sensitive information via DisplayParallelLogData.aspx.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/173093/Smart-Office-Web-20.28-Information-Disclosure-Insecure-Direct-Object-Reference.htmlunverifiedexploitdbwww.exploit-db.com/exploits/51539unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/173093/Smart-Office-Web-20.28-Information-Disclosure-Insecure-Direct-Object-Reference.htmlhttps://cvewalkthrough.com/smart-office-suite-cve-2022-47076-cve-2022-47075/https://cvewalkthrough.com/smart-office-suite-unauthenticated-data-ex/https://youtu.be/D42upepxzwM