mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-07 05:28:59 +00:00
118 lines
3.4 KiB
JSON
118 lines
3.4 KiB
JSON
{
|
|
"id": "CVE-2023-3655",
|
|
"sourceIdentifier": "office@cyberdanube.com",
|
|
"published": "2023-10-03T08:15:35.680",
|
|
"lastModified": "2023-12-28T15:20:29.200",
|
|
"vulnStatus": "Analyzed",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "cashIT! - serving solutions. Devices from \"PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH\" to 03.A06rks 2023.02.37 are affected by a dangerous methods, that allows to leak the database (system settings, user accounts,...).\u00a0This vulnerability can be triggered by an HTTP endpoint exposed to the network.\n"
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "cashIT! - serving solutions. Los dispositivos desde \"PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH\" hasta 03.A06rks 2023.02.37 se ven afectados por m\u00e9todos peligrosos que permiten filtrar la base de datos (configuraciones del sistema, cuentas de usuario,...). Esta vulnerabilidad puede ser provocada por un endpoint HTTP expuesto a la red."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 7.5,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 3.6
|
|
},
|
|
{
|
|
"source": "office@cyberdanube.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 7.5,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 3.6
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-Other"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "office@cyberdanube.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-749"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cashit:cashit\\!:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "03.a06rks_2023.02.37",
|
|
"matchCriteriaId": "038B664A-EFF6-480B-B33D-82D66205C2B9"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://doi.org/10.35011/ww2q-d522",
|
|
"source": "office@cyberdanube.com",
|
|
"tags": [
|
|
"Technical Description"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.cashit.at/",
|
|
"source": "office@cyberdanube.com",
|
|
"tags": [
|
|
"Product"
|
|
]
|
|
}
|
|
]
|
|
} |