CVE-2023-48373

{"id": "CVE-2023-48373", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-12-15T05:15:08.153", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7592-998bf-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "ITPison OMICARD EDM has a path traversal vulnerability within its parameter \u201cFileName\u201d in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files."}, {"lang": "es", "value": "ITPison OMICARD EDM tiene una vulnerabilidad de path traversal dentro de su par\u00e1metro \u201cFileName\u201d en una funci\u00f3n espec\u00edfica. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad para eludir la autenticaci\u00f3n y descargar archivos arbitrarios del sistema."}], "lastModified": "2023-12-22T16:45:41.510", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:itpison:omicard_edm:6.0.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0E83A71-074E-41B5-908A-3A227F4DB884"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}