China National Vulnerability DatabaseCNVD-2022-86392Maarch RM Information Disclosure Vulnerability
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Maarch RM is an electronic archiving system from Maarch Inc. Streamline your authentication process, science and technical control in an efficient and optimized manner.An information disclosure vulnerability exists in Maarch RM 2.8 and later, versions prior to 2.8.6, and 2.9. The vulnerability stems from the fact that when accessing certain specific documents (pdf, email) from an archive, the application suggests a preview that generates a URL containing an md5 hash of the accessed file with no access rights verification. An attacker could exploit the vulnerability to obtain sensitive information.
| CPE | Name | Operator | Version |
|---|---|---|---|
| maarch maarch rm >=2.8, | lt | 2.8.6 | |
| maarch maarch rm | eq | 2.9 |
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N