Lucene search

TR-CERTVULNRICHMENT:CVE-2024-1744

HistorySep 06, 2024 - 12:13 p.m.

CVE-2024-1744 Information Disclosure in Ariva Computer's Accord ORS

2024-09-0612:13:31

CWE-200

TR-CERT

github.com

cve-2024-1744

information disclosure

ariva computer

accord ors

vulnerability

sensitive data

unauthorized actor

data retrieval

CVSS4

9.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/VI:N/SI:N/VA:N/SA:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

37.8%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ariva Computer Accord ORS allows Retrieve Embedded Sensitive Data.This issue affects Accord ORS: before 7.3.2.1.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ariva_computer:accord_ors:*:*:*:*:*:*:*:*"
    ],
    "vendor": "ariva_computer",
    "product": "accord_ors",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "7.3.2.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.usom.gov.tr/bildirim/tr-24-1408

CVSS4

9.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/VI:N/SI:N/VA:N/SA:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

37.8%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-1744