From b6dac56a0f1d23128b150f6d485f8a87b297ba60 Mon Sep 17 00:00:00 2001 From: TARA HSIAO Date: Mon, 10 Jul 2023 14:27:05 +0800 Subject: [PATCH] Update TWCERT/CC CVE-2023-37288 --- 2023/37xxx/CVE-2023-37288.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/2023/37xxx/CVE-2023-37288.json b/2023/37xxx/CVE-2023-37288.json index 785fea7deb3..e1e7a094249 100644 --- a/2023/37xxx/CVE-2023-37288.json +++ b/2023/37xxx/CVE-2023-37288.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "AKA": "TWCERT/CC", "ASSIGNER": "cve@cert.org.tw", - "DATE_PUBLIC": "2023-07-10T01:02:00.000Z", + "DATE_PUBLIC": "2023-07-10T06:02:00.000Z", "ID": "CVE-2023-37288", "STATE": "PUBLIC", "TITLE": "SmartBPM.NET - Path Traversal" @@ -19,14 +19,14 @@ "version_data": [ { "version_affected": "=", - "version_value": "6.70" + "version_value": " 6.70" } ] } } ] }, - "vendor_name": "SamrtSoft" + "vendor_name": "SmartSoft" } ] } @@ -38,7 +38,7 @@ "description_data": [ { "lang": "eng", - "value": "SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes." + "value": "SmartBPM.NET component has a vulnerability of path traversal within its file download function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files." } ] },