Lucene search

TwcertCVELIST:CVE-2023-48374

HistoryDec 15, 2023 - 7:39 a.m.

CVE-2023-48374 SmartStar Software CWS Web-Base - Use of Hard-coded Credentials

2023-12-1507:39:47

CWE-798

twcert

www.cve.org

cve-2023-48374

smartstar software

cws web-base

hard-coded credentials

vulnerability

unauthenticated remote attacker

partial processes

partial information.

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

33.1%

JSON

SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can’t disrupt service or obtain sensitive information.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "CWS Web-Base",
    "vendor": "SmartStar Software",
    "versions": [
      {
        "status": "affected",
        "version": "v10.25"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-7593-d3e5b-1.html

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

33.1%

JSON

Related for CVELIST:CVE-2023-48374