// For flags

CVE-2024-3689

Zhejiang Land Zongheng Network Technology O2OA information disclosure

Severity Score

3.7
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-260478 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Una vulnerabilidad ha sido encontrada en Zhejiang Land Zongheng Network Technology O2OA hasta 20240403 y clasificada como problemática. Una función desconocida del archivo /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3 es afectada por esta vulnerabilidad. La manipulación conduce a la divulgación de información. Es posible lanzar el ataque de forma remota. La complejidad de un ataque es bastante alta. Se dice que la explotabilidad es difícil. El exploit ha sido divulgado al público y puede utilizarse. VDB-260478 es el identificador asignado a esta vulnerabilidad. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.

Es wurde eine problematische Schwachstelle in Zhejiang Land Zongheng Network Technology O2OA bis 20240403 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. Durch das Beeinflussen mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Die Komplexität eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Der Exploit steht zur öffentlichen Verfügung.

*Credits: Ting
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
Poc
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-04-12 CVE Reserved
  • 2024-04-12 CVE Published
  • 2024-04-13 EPSS Updated
  • 2024-08-20 CVE Updated
  • 2024-08-20 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (3)
URL Tag Source
https://vuldb.com/?id.260478 Vdb Entry
https://vuldb.com/?submit.309457 Third Party Advisory
URL Date SRC
https://github.com/Echosssy/CVE 2024-08-20
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Zhejiang Land Zongheng Network Technology
Search vendor "Zhejiang Land Zongheng Network Technology"
 O2oa
Search vendor "Zhejiang Land Zongheng Network Technology" for product "O2oa"
*-
Affected