Lucene search

[email protected]CVE-2022-47075

HistoryFeb 28, 2023 - 11:15 p.m.

CVE-2022-47075

2023-02-2823:15:11

[email protected]

web.nvd.nist.gov

cve-2022-47075

smart office web

information security

sensitive information

vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.5%

JSON

An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx.

Affected configurations

NVD

Node

smartofficepayrollsmartofficeRange≤20.28web

CPENameOperatorVersion
smartofficepayroll:smartofficesmartofficepayroll smartofficele20.28

CPE	Name	Operator	Version
smartofficepayroll:smartoffice	smartofficepayroll smartoffice	le	20.28

References

packetstormsecurity.com/files/173093/Smart-Office-Web-20.28-Information-Disclosure-Insecure-Direct-Object-Reference.html

cvewalkthrough.com/smart-office-suite-cve-2022-47076-cve-2022-47075/

cvewalkthrough.com/smart-office-suite-unauthenticated-data-ex/

youtu.be/D42upepxzwM

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.5%

JSON

Related for CVE-2022-47075

nvd1 prion1 cvelist1 nuclei1 zdt1 packetstorm1 exploitdb1