CVE-2023-33524

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-33524
Advent/SSC Inc. Tamale RMS < 23.1 is vulnerable to Directory Traversal. If one traverses to the affected URL, one enumerates Contact information on the host which contains usernames, e-mail addresses, and other internal information stored within the web app.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://cve.report/CVE-2023-33524 Third Party Advisory
https://gist.github.com/barrett092/9ed092e4b14b9145f4d046556eb9dab7 Third Party Advisory
https://www.advent.com/resources/all-resources/info-kit-tamale-rms-for-asset-owners/ Product
https://cve.report/CVE-2023-33524 Third Party Advisory
https://gist.github.com/barrett092/9ed092e4b14b9145f4d046556eb9dab7 Third Party Advisory
https://www.advent.com/resources/all-resources/info-kit-tamale-rms-for-asset-owners/ Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:advent:tamale_rms:*:*:*:*:*:*:*:*
History

21 Nov 2024, 08:05

Type Values Removed Values Added
References () https://cve.report/CVE-2023-33524 - Third Party Advisory () https://cve.report/CVE-2023-33524 - Third Party Advisory
References () https://gist.github.com/barrett092/9ed092e4b14b9145f4d046556eb9dab7 - Third Party Advisory () https://gist.github.com/barrett092/9ed092e4b14b9145f4d046556eb9dab7 - Third Party Advisory
References () https://www.advent.com/resources/all-resources/info-kit-tamale-rms-for-asset-owners/ - Product () https://www.advent.com/resources/all-resources/info-kit-tamale-rms-for-asset-owners/ - Product

09 Jun 2023, 22:54

Type Values Removed Values Added
References (MISC) https://cve.report/CVE-2023-33524 - (MISC) https://cve.report/CVE-2023-33524 - Third Party Advisory
References (MISC) https://gist.github.com/barrett092/9ed092e4b14b9145f4d046556eb9dab7 - (MISC) https://gist.github.com/barrett092/9ed092e4b14b9145f4d046556eb9dab7 - Third Party Advisory
References (MISC) https://www.advent.com/resources/all-resources/info-kit-tamale-rms-for-asset-owners/ - (MISC) https://www.advent.com/resources/all-resources/info-kit-tamale-rms-for-asset-owners/ - Product
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.3
First Time Advent tamale Rms
Advent
CPE cpe:2.3:a:advent:tamale_rms:*:*:*:*:*:*:*:*
CWE CWE-22

07 Jun 2023, 00:15

Type Values Removed Values Added
References
  • (MISC) https://www.advent.com/resources/all-resources/info-kit-tamale-rms-for-asset-owners/ -

05 Jun 2023, 19:15

Type Values Removed Values Added
Summary Advent/SSC Inc. Tamale RMS < 23.1 is vulnerable to Directory Traversal. The configuration backup file, which contains username hashes, cleartext passwords, and API keys, can be downloaded. This could allow a malicious actor to crack the passwords offline and/or utilize the API keys to control the remote application. Advent/SSC Inc. Tamale RMS < 23.1 is vulnerable to Directory Traversal. If one traverses to the affected URL, one enumerates Contact information on the host which contains usernames, e-mail addresses, and other internal information stored within the web app.
References
  • (MISC) https://cve.report/CVE-2023-33524 -

05 Jun 2023, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-06-05 17:15

Updated : 2024-11-21 08:05

NVD link : CVE-2023-33524

Mitre link : CVE-2023-33524

CVE.ORG link : CVE-2023-33524

JSON object : View

Products Affected

advent

  • tamale_rms
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024