Lucene search
JpcertCVE-2024-24548HistoryFeb 01, 2024 - 7:15 a.m.
CVE-2024-24548
2024-02-0107:15:09
CWE-200
jpcert
web.nvd.nist.gov
13
information security
vulnerability
payment ex
remote attack
user data privacy
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
6.3
Confidence
High
EPSS
0.001
Percentile
41.7%
Payment EX Ver1.1.5b and earlier allows a remote unauthenticated attacker to obtain the information of the user who purchases merchandise using Payment EX.
Affected configurations
Node
estore-wsspayment_exRange≤1.1.5b
| Vendor | Product | Version | CPE |
|---|---|---|---|
| estore-wss | payment_ex | * | cpe:2.3:a:estore-wss:payment_ex:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Simplesite",
"product": "Payment EX",
"versions": [
{
"version": "Ver1.1.5b and earlier",
"status": "affected"
}
]
}
]References
Related
prion
prion
Design/Logic Flaw
2024-02-01 07:15:00
vulnrichment
vulnrichment
CVE-2024-24548
2024-02-01 06:31:20
cvelist
cvelist
CVE-2024-24548
2024-02-01 06:31:20
jvn
jvn
JVN#41129639: Payment EX vulnerable to information disclosure
2024-02-01 00:00:00
nvd
nvd
CVE-2024-24548
2024-02-01 07:15:09
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
6.3
Confidence
High
EPSS
0.001
Percentile
41.7%
Related for CVE-2024-24548