CVE-2024-13061

2100 Technology Electronic Official Document Management System - Authentication Bypass

CVSS 9.8 CRITICALEPSS 1.2%CWE-290

Vexday Risk Score

28Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 9.8EPSS 1.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

31 dic 2024Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The Electronic Official Document Management System from 2100 Technology has an Authentication Bypass vulnerability. Although the product enforces an IP whitelist for the API used to query user tokens, unauthenticated remote attackers can still deceive the server to obtain tokens of arbitrary users, which can then be used to log into the system.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

2100 Technology Electronic · Official Document Management System

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.chtsecurity.com/news/255984da-6630-4e25-ba9b-5ce6933935a6 https://www.chtsecurity.com/news/ade9e9af-61d0-4e3c-8aa0-e8524ee2cfbc https://www.twcert.org.tw/en/cp-139-8340-d8b16-2.html https://www.twcert.org.tw/tw/cp-132-8339-570fa-1.html