漏洞标题
浙江土地宗恒网络技术O2OA信息披露
漏洞描述信息
在Zhejiang Land Zongheng Network Technology O2OA的最新版本20240403中发现了一个被分类为有问题的漏洞。受影响的是文件/x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3中的未知功能。该操作会导致信息泄露。攻击可以远程发起。攻击的复杂性相对较高。利用的复杂性被认为较难。该漏洞的利用方法已被公开,可能会被利用。该漏洞的标识符为VDB-260478。注意:供应商在此次披露早期就被联系,但未以任何方式回应。
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
漏洞类别
信息暴露
漏洞标题
Zhejiang Land Zongheng Network Technology O2OA information disclosure
漏洞描述信息
A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-260478 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
漏洞类别
信息暴露
漏洞标题
O2OA 信息泄露漏洞
漏洞描述信息
LanDe Network O2oa是中国兰德网络(LanDe Network)公司的一个 Oa 办公系统。 O2OA 20240403及之前版本中存在信息泄露漏洞,该漏洞源于文件/x_portal 的未知功能会导致信息泄露。
CVSS信息
N/A
漏洞类别
信息泄露