Lucene search

TwcertCVELIST:CVE-2024-4300

HistoryApr 29, 2024 - 3:31 a.m.

CVE-2024-4300 E-WEBInformationCo. FS-EZViewer(Web) - Sensitive Data Exposure

2024-04-2903:31:40

CWE-200

twcert

www.cve.org

cve-2024-4300

e-webinformationco

fs-ezviewer

sensitive data exposure

remote attacker

database configuration

privilege escalation

database host ip address

database security

webpage source code

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remote attacker can obtain the database configuration file path through the webpage source code without login. Accessing this path allows attacker to obtain the database credential with the highest privilege and database host IP address. With this information, attackers can connect to the database and perform actions such as adding, modifying, or deleting database contents.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "FS-EZViewer(Web)",
    "vendor": "E-WEBInformationCo.",
    "versions": [
      {
        "lessThanOrEqual": "10.4.0.x",
        "status": "affected",
        "version": "earlier",
        "versionType": "custom"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-7774-fbd01-1.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

Related for CVELIST:CVE-2024-4300