← voltar
CVE-2023-37290

InfoDoc Document On-line Submission and Approval System - Server-Side Request Forgery (SSRF)

CVSS 7.5 HIGHEPSS 0.6%CWE-918
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.5EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
20 jul 2023Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
InfoDoc Document On-line Submission and Approval System lacks sufficient restrictions on the available tags within its HTML to PDF conversion function, and allowing an unauthenticated attackers to load remote or local resources through HTML tags such as iframe. This vulnerability allows unauthenticated remote attackers to perform Server-Side Request Forgery (SSRF) attacks, gaining unauthorized access to arbitrary system files and uncovering the internal network topology.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Produtos afetados
InfoDoc · Document On-line Submission and Approval System

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.twcert.org.tw/tw/cp-132-7226-12195-1.html