Lucene search
HistoryAug 25, 2023 - 7:15 a.m.
CVE-2023-32755
cve-2023-32755
webiste service
unauthenticated remote attacker
sensitive system information
crafted command
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
5
Confidence
High
EPSS
0.001
Percentile
46.3%
e-Excellence U-Office Force generates an error message in webiste service. An unauthenticated remote attacker can obtain partial sensitive system information from error message by sending a crafted command.
Affected configurations
Node
edetwu-office_forceMatch20.0.7668d
| Vendor | Product | Version | CPE |
|---|---|---|---|
| edetw | u-office_force | 20.0.7668d | cpe:2.3:a:edetw:u-office_force:20.0.7668d:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2023-32755
2023-08-25 07:15:08
prion
prion
Command injection
2023-08-25 07:15:00
cvelist
cvelist
CVE-2023-32755 e-Excellence U-Office Force - Error Message Leakage
2023-08-25 06:48:31
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
5
Confidence
High
EPSS
0.001
Percentile
46.3%
Related for NVD:CVE-2023-32755