CVE-2024-57490

{"id": "CVE-2024-57490", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 2.2}]}, "published": "2025-03-21T14:15:15.120", "references": [{"url": "https://gist.github.com/NaliangzzZ/44bfcc1d9c2cf275d2b6683ca9e20980", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.ioffice.cn", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Guangzhou Hongfan Technology Co., LTD. iOffice20 has any user login vulnerability. An attacker can log in to any system account including the system administrator through a logical flaw."}, {"lang": "es", "value": "iOffice20 de Guangzhou Hongfan Technology Co., LTD. presenta una vulnerabilidad de inicio de sesi\u00f3n. Un atacante puede iniciar sesi\u00f3n en cualquier cuenta del sistema, incluyendo la del administrador, mediante una falla l\u00f3gica."}], "lastModified": "2025-04-01T20:23:36.507", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ioffice:ioffice20:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D395BD7D-09D8-4A38-B011-BFE6B49B6485"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}