Lucene search

[email protected]NVD:CVE-2023-26760

HistoryFeb 27, 2023 - 4:15 p.m.

CVE-2023-26760

2023-02-2716:15:13

CWE-312

[email protected]

web.nvd.nist.gov

sme.up erp

tokyo v6r1m220406

information disclosure

/debug endpoint

cleartext credentials

as400 system

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

58.6%

JSON

Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an information disclosure vulnerability via the /debug endpoint. This vulnerability allows attackers to access cleartext credentials needed to authenticate to the AS400 system.

Affected configurations

Nvd

Node

smeuperpMatchtokyo_v6r1m220406

VendorProductVersionCPE
smeuperptokyo_v6r1m220406cpe:2.3:a:smeup:erp:tokyo_v6r1m220406:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
smeup	erp	tokyo_v6r1m220406	cpe:2.3:a:smeup:erp:tokyo_v6r1m220406:::::::*

References

www.swascan.com/it/security-advisory-sme-up-erp/

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

58.6%

JSON

Related for NVD:CVE-2023-26760

cvelist1 prion1 cve1