Lucene search

[email protected]CVE-2024-6424

HistoryJul 01, 2024 - 1:15 p.m.

CVE-2024-6424

2024-07-0113:15:06

CWE-918

[email protected]

web.nvd.nist.gov

mesbook

remote

unauthenticated

exploit

endpoint

source code

web files

internal files

network resources

vulnerability

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

9.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint “/api/Proxy/Post?userName=&password=&uri=<FILE|INTERNAL URL|IP/HOST” or “/api/Proxy/Get?userName=&password=&uri=<ARCHIVO|URL INTERNA|IP/HOST” to read the source code of web files, read internal files or access network resources.

Affected configurations

Vulners

Node

mesbookmesbookRange≤20221021.03

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MESbook",
    "vendor": "MESbook",
    "versions": [
      {
        "status": "affected",
        "version": "20221021.03"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-mesbook

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

9.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for CVE-2024-6424

nvd1 vulnrichment1 cvelist1