Lucene search

TwcertCVELIST:CVE-2022-38116

HistoryAug 30, 2022 - 4:25 a.m.

CVE-2022-38116 Le-yan Co., Ltd. Personnel and Salary Management System - Hard-coded password

2022-08-3004:25:27

CWE-798

twcert

www.cve.org

hard-coded password

database account

remote attacker

system data

disrupt service

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.004

Percentile

73.8%

JSON

Le-yan Personnel and Salary Management System has hard-coded database account and password within the website source code. An unauthenticated remote attacker can access, modify system data or disrupt service.

CNA Affected

[
  {
    "product": "Personnel and Salary Management System",
    "vendor": "Le-yan Co., Ltd.",
    "versions": [
      {
        "lessThanOrEqual": "2022/6/6",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-6460-2bb02-1.html

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.004

Percentile

73.8%

JSON

Related for CVELIST:CVE-2022-38116