CVE-2023-3655

cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a dangerous methods, that allows to leak the database (system settings, user accounts,...). This vulnerability can be triggered by an HTTP endpoint exposed to the network.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://doi.org/10.35011/ww2q-d522	Technical Description
https://www.cashit.at/	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:cashit:cashit\!:*:*:*:*:*:*:*:*

History

28 Dec 2023, 15:20

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-03 08:15

Updated : 2024-02-05 00:01

NVD link : CVE-2023-3655

Mitre link : CVE-2023-3655

CVE.ORG link : CVE-2023-3655

JSON object : View

Products Affected

cashit

cashit\!

CWE

NVD-CWE-Other CWE-749

Exposed Dangerous Method or Function

{"id": "CVE-2023-3655", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "office@cyberdanube.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-10-03T08:15:35.680", "references": [{"url": "https://doi.org/10.35011/ww2q-d522", "tags": ["Technical Description"], "source": "office@cyberdanube.com"}, {"url": "https://www.cashit.at/", "tags": ["Product"], "source": "office@cyberdanube.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "office@cyberdanube.com", "description": [{"lang": "en", "value": "CWE-749"}]}], "descriptions": [{"lang": "en", "value": "cashIT! - serving solutions. Devices from \"PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH\" to 03.A06rks 2023.02.37 are affected by a dangerous methods, that allows to leak the database (system settings, user accounts,...).\u00a0This vulnerability can be triggered by an HTTP endpoint exposed to the network.\n"}, {"lang": "es", "value": "cashIT! - serving solutions. Los dispositivos desde \"PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH\" hasta 03.A06rks 2023.02.37 se ven afectados por m\u00e9todos peligrosos que permiten filtrar la base de datos (configuraciones del sistema, cuentas de usuario,...). Esta vulnerabilidad puede ser provocada por un endpoint HTTP expuesto a la red."}], "lastModified": "2023-12-28T15:20:29.200", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cashit:cashit\\!:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "038B664A-EFF6-480B-B33D-82D66205C2B9", "versionEndIncluding": "03.a06rks_2023.02.37"}], "operator": "OR"}]}], "sourceIdentifier": "office@cyberdanube.com"}