Vulnerabilities related to Zhejiang Land Zongheng Network Technology - O2OA
CVE-2024-3689 (GCVE-0-2024-3689)
Vulnerability from cvelistv5
Published: 2024-04-12 14:31
Modified: 2024-08-20 18:32
Severity
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
- CWE-200 - Information Disclosure
Summary
A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to launch the attack remotely. Attack complexity is rather high, and exploitation is said to be difficult. The exploit has been disclosed to the public and may be used. VDB-260478 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
URL | Tags
---|---
https://vuldb.com/?id.260478 | vdb-entry
https://vuldb.com/?ctiid.260478 | signature, permissions-required
https://vuldb.com/?submit.309457 | third-party-advisory
https://github.com/Echosssy/CVE | exploit
Impacted products
Vendor | Product | Version
---|---|---
Zhejiang Land Zongheng Network Technology | O2OA | 20240403
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T20:20:01.058Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VDB-260478 | Zhejiang Land Zongheng Network Technology O2OA information disclosure", "tags": [ "vdb-entry", "x_transferred" ], "url": "https://vuldb.com/?id.260478" }, { "name": "VDB-260478 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.260478" }, { "name": "Submit #309457 | \u6d59\u6c5f\u5170\u5fb7\u7eb5\u6a2a\u7f51\u7edc\u6280\u672f\u80a1\u4efd\u6709\u9650\u516c\u53f8 O2OA newest information disclosure", "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://vuldb.com/?submit.309457" }, { "tags": [ "exploit", "x_transferred" ], "url": "https://github.com/Echosssy/CVE" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:zhejiang_land_zongheng_network_technology:o2oa:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "o2oa", "vendor": "zhejiang_land_zongheng_network_technology", "versions": [ { "lessThanOrEqual": "20240403", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-3689", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-20T18:24:52.825446Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-20T18:32:37.425Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "O2OA", "vendor": "Zhejiang Land Zongheng Network Technology", "versions": [ { "status": "affected", "version": "20240403" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "Ting (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A 
vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-260478 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." }, { "lang": "de", "value": "Es wurde eine problematische Schwachstelle in Zhejiang Land Zongheng Network Technology O2OA bis 20240403 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. Durch das Beeinflussen mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
} ], "metrics": [ { "cvssV3_1": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Information Disclosure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-12T14:31:04.510Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-260478 | Zhejiang Land Zongheng Network Technology O2OA information disclosure", "tags": [ "vdb-entry" ], "url": "https://vuldb.com/?id.260478" }, { "name": "VDB-260478 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.260478" }, { "name": "Submit #309457 | \u6d59\u6c5f\u5170\u5fb7\u7eb5\u6a2a\u7f51\u7edc\u6280\u672f\u80a1\u4efd\u6709\u9650\u516c\u53f8 O2OA newest information disclosure", "tags": [ "third-party-advisory" ], "url": "https://vuldb.com/?submit.309457" }, { "tags": [ "exploit" ], "url": "https://github.com/Echosssy/CVE" } ], "timeline": [ { "lang": "en", "time": "2024-04-12T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-04-12T02:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-04-12T09:00:46.000Z", "value": "VulDB entry last update" } ], "title": "Zhejiang Land Zongheng Network Technology O2OA information disclosure" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-3689", "datePublished": "2024-04-12T14:31:04.510Z", "dateReserved": "2024-04-12T06:55:36.945Z", "dateUpdated": "2024-08-20T18:32:37.425Z", "state": "PUBLISHED" }, "dataType": 
"CVE_RECORD", "dataVersion": "5.1" }