Lucene search

[email protected]CVE-2022-39023

HistoryOct 31, 2022 - 7:15 a.m.

CVE-2022-39023

2022-10-3107:15:10

CWE-22

[email protected]

web.nvd.nist.gov

cve

nvd

u-office

force download

path traversal

vulnerability

remote attacker

system file

exploit

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

49.7%

JSON

U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system file.

Affected configurations

NVD

Node

edetwu-office_forceRange≤20.50.7821d

CPENameOperatorVersion
edetw:u-office_forceedetw u-office forcele20.50.7821d

CPE	Name	Operator	Version
edetw:u-office_force	edetw u-office force	le	20.50.7821d

CNA Affected

[
  {
    "vendor": "e-Excellence Inc.",
    "product": "U-Office Force",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "20.50.7821D Build:202104sp1",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-6638-08596-1.html

Social References

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

49.7%

JSON

Related for CVE-2022-39023

cvelist1 prion1 nvd1