{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-48373", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2023-11-16T03:49:45.971Z", "datePublished": "2023-12-15T04:27:26.842Z", "dateUpdated": "2024-08-02T21:30:35.123Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OMICARD EDM 's SMS", "vendor": "ITPison", "versions": [{"status": "affected", "version": "v6.0.1.5"}]}], "datePublic": "2023-12-15T04:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "ITPison OMICARD EDM has a path traversal vulnerability within its parameter \u201cFileName\u201d in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files."}], "value": "ITPison OMICARD EDM has a path traversal vulnerability within its parameter \u201cFileName\u201d in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files."}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2023-12-15T04:27:54.223Z"}, "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7592-998bf-1.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n\n\nUpdate version to v5.9 or latest<br>\n\n<br>"}], "value": "\n\n\nUpdate version to v5.9 or latest\n\n\n\n"}], "source": {"advisory": "TVN-202312003", "discovery": "EXTERNAL"}, "title": "ITPison OMICARD EDM 's SMS - Path Traversal", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:30:35.123Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7592-998bf-1.html", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:itpison:omicard_edm:6.0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E0E83A71-074E-41B5-908A-3A227F4DB884", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "ITPison OMICARD EDM has a path traversal vulnerability within its parameter \u201cFileName\u201d in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files."}, {"lang": "es", "value": "ITPison OMICARD EDM tiene una vulnerabilidad de path traversal dentro de su par\u00e1metro \u201cFileName\u201d en una funci\u00f3n espec\u00edfica. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad para eludir la autenticaci\u00f3n y descargar archivos arbitrarios del sistema."}], "id": "CVE-2023-48373", "lastModified": "2024-11-21T08:31:35.477", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2023-12-15T05:15:08.153", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-7592-998bf-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-7592-998bf-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "twcert@cert.org.tw", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}