Lucene search

[email protected]CVE-2023-26760

HistoryFeb 27, 2023 - 4:15 p.m.

CVE-2023-26760

2023-02-2716:15:13

CWE-312

[email protected]

web.nvd.nist.gov

sme.up erp

tokyo v6r1m220406

cve-2023-26760

info disclosure

/debug endpoint

as400

cleartext credentials

vulnerability

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

53.5%

JSON

Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an information disclosure vulnerability via the /debug endpoint. This vulnerability allows attackers to access cleartext credentials needed to authenticate to the AS400 system.

Affected configurations

NVD

Node

smeuperpMatchtokyo_v6r1m220406

CPENameOperatorVersion
smeup:erpsmeup erpeqtokyo_v6r1m220406

CPE	Name	Operator	Version
smeup:erp	smeup erp	eq	tokyo_v6r1m220406

References

www.swascan.com/it/security-advisory-sme-up-erp/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

53.5%

JSON

Related for CVE-2023-26760

cvelist1 nvd1 prion1