Update TWCERT/CC CVE-2023-37288

2025-06-10 02:04:31 +00:00 · 2023-07-10 14:27:05 +08:00 · 2023-07-10 14:27:05 +08:00 · b6dac56a0f
commit b6dac56a0f
parent 692546f176
1 changed files with 4 additions and 4 deletions
--- a/2023/37xxx/CVE-2023-37288.json
+++ b/2023/37xxx/CVE-2023-37288.json
@ -2,7 +2,7 @@
    "CVE_data_meta": {
        "AKA": "TWCERT/CC",
        "ASSIGNER": "cve@cert.org.tw",
-        "DATE_PUBLIC": "2023-07-10T01:02:00.000Z",
+        "DATE_PUBLIC": "2023-07-10T06:02:00.000Z",
        "ID": "CVE-2023-37288",
        "STATE": "PUBLIC",
        "TITLE": "SmartBPM.NET - Path Traversal"
@ -19,14 +19,14 @@
                                    "version_data": [
                                        {
                                            "version_affected": "=",
-                                            "version_value": "6.70"
+                                            "version_value": " 6.70"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
-                    "vendor_name": "SamrtSoft"
+                    "vendor_name": "SmartSoft"
                }
            ]
        }
@ -38,7 +38,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes."
+                "value": "SmartBPM.NET component has a vulnerability of path traversal within its file download function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files."
            }
        ]
    },