CVE-2024-7323

Digiwin EasyFlow .NET lacks proper access control for specific functionality, and the functionality do not adequately filter user input. A remote attacker with regular privilege can exploit this vulnerability to download arbitrary files from the remote server .
Configurations

Configuration 1 (hide)

cpe:2.3:a:digiwin:easyflow_.net:*:*:*:*:*:*:*:*

History

11 Sep 2024, 14:22

Type Values Removed Values Added
References () https://www.twcert.org.tw/en/cp-139-7990-87183-2.html - () https://www.twcert.org.tw/en/cp-139-7990-87183-2.html - Third Party Advisory
References () https://www.twcert.org.tw/tw/cp-132-7989-9c4ea-1.html - () https://www.twcert.org.tw/tw/cp-132-7989-9c4ea-1.html - Third Party Advisory
First Time Digiwin
Digiwin easyflow .net
CPE cpe:2.3:a:digiwin:easyflow_.net:*:*:*:*:*:*:*:*
CWE CWE-22

02 Aug 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) Digiwin EasyFlow .NET carece de un control de acceso adecuado para una funcionalidad específica y la funcionalidad no filtra adecuadamente la entrada del usuario. Un atacante remoto con privilegios regulares puede aprovechar esta vulnerabilidad para descargar archivos arbitrarios desde el servidor remoto.

02 Aug 2024, 11:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-02 11:16

Updated : 2024-09-11 14:22


NVD link : CVE-2024-7323

Mitre link : CVE-2024-7323

CVE.ORG link : CVE-2024-7323


JSON object : View

Products Affected

digiwin

  • easyflow_.net
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-36

Absolute Path Traversal