Lucene search

CyberDanubeCVE-2023-3655

HistoryOct 03, 2023 - 8:15 a.m.

CVE-2023-3655

2023-10-0308:15:35

CWE-749

CyberDanube

web.nvd.nist.gov

cve-2023-3655

cashit

serving solutions

pos

dienstleistung

entwicklung & vertrieb gmbh

vulnerability

database leakage

http endpoint

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

37.5%

JSON

cashIT! - serving solutions. Devices from “PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH” to 03.A06rks 2023.02.37 are affected by a dangerous methods, that allows to leak the database (system settings, user accounts,…). This vulnerability can be triggered by an HTTP endpoint exposed to the network.

Affected configurations

Nvd

Node

cashitcashit\!Range≤03.a06rks_2023.02.37

VendorProductVersionCPE
cashitcashit\!*cpe:2.3:a:cashit:cashit\!:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cashit	cashit\!	*	cpe:2.3:a:cashit:cashit\!::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "cashIT! - serving solutions.",
    "vendor": "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH",
    "versions": [
      {
        "lessThanOrEqual": "03.A06rks 2023.02.37",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

doi.org/10.35011/ww2q-d522

www.cashit.at/

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

37.5%

JSON

Related for CVE-2023-3655