Lucene search

TwcertCVELIST:CVE-2023-48374

HistoryDec 15, 2023 - 7:39 a.m.

CVE-2023-48374 SmartStar Software CWS Web-Base - Use of Hard-coded Credentials

2023-12-1507:39:47

CWE-798

twcert

www.cve.org

cve-2023-48374

smartstar software

cws web-base

hard-coded credentials

vulnerability

unauthenticated remote attacker

partial processes

partial information.

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

33.1%

JSON

SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can’t disrupt service or obtain sensitive information.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "CWS Web-Base",
    "vendor": "SmartStar Software",
    "versions": [
      {
        "status": "affected",
        "version": "v10.25"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-7593-d3e5b-1.html

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

33.1%

JSON

Related for CVELIST:CVE-2023-48374