Lucene search

TwcertCVELIST:CVE-2023-41356

HistoryNov 03, 2023 - 6:18 a.m.

CVE-2023-41356 WisdomGarden Tronclass ilearn - Broken Access Control

2023-11-0306:18:37

CWE-639

twcert

www.cve.org

wisdomgarden

tronclass

ilearn

path traversal

cve-2023-41356

ncsist

manageengine

mobile device manager

mdm

authentication bypass

system files

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.7%

JSON

NCSIST ManageEngine Mobile Device Manager(MDM) APP’s special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Tronclass ilearn",
    "vendor": "WisdomGarden",
    "versions": [
      {
        "status": "affected",
        "version": "V1.4 2021/09/14"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-7506-b4e29-1.html

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.7%

JSON

Related for CVELIST:CVE-2023-41356