CVE-2024-13061

2100 Technology Electronic Official Document Management System - Authentication Bypass

CVSS 9.8 CRITICALEPSS 1.2%CWE-290

Vexday Risk Score

28Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 9.8EPSS 1.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

31 dez 2024Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The Electronic Official Document Management System from 2100 Technology has an Authentication Bypass vulnerability. Although the product enforces an IP whitelist for the API used to query user tokens, unauthenticated remote attackers can still deceive the server to obtain tokens of arbitrary users, which can then be used to log into the system.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

2100 Technology Electronic · Official Document Management System

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.chtsecurity.com/news/255984da-6630-4e25-ba9b-5ce6933935a6 https://www.chtsecurity.com/news/ade9e9af-61d0-4e3c-8aa0-e8524ee2cfbc https://www.twcert.org.tw/en/cp-139-8340-d8b16-2.html https://www.twcert.org.tw/tw/cp-132-8339-570fa-1.html