CVE-2022-34924

Lanling OA Landray Office Automation (OA) internal patch number #133383/#137780 contains an arbitrary file read vulnerability via the component /sys/ui/extend/varkind/custom.jsp.
Configurations

Configuration 1 (hide)

cpe:2.3:a:landray:landray_office_automation:-:*:*:*:*:*:*:*

History

08 Aug 2022, 14:08

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:landray:landray_office_automation:-:*:*:*:*:*:*:*
CWE CWE-312
References (MISC) https://codeantenna.com/a/DXQfemaZEH - (MISC) https://codeantenna.com/a/DXQfemaZEH - Exploit, Third Party Advisory
References (MISC) https://developpaper.com/lanling-oa-foreground-arbitrary-file-reading-vulnerability-exploitation/ - (MISC) https://developpaper.com/lanling-oa-foreground-arbitrary-file-reading-vulnerability-exploitation/ - Exploit, Third Party Advisory

02 Aug 2022, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-08-02 20:15

Updated : 2024-02-04 22:51


NVD link : CVE-2022-34924

Mitre link : CVE-2022-34924

CVE.ORG link : CVE-2022-34924


JSON object : View

Products Affected

landray

  • landray_office_automation
CWE
CWE-312

Cleartext Storage of Sensitive Information