CVE-2023-5296

A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic. Affected by this issue is some unknown functionality of the file api.php?m=reimplat&a=index of the component Password Handler. The manipulation leads to weak password recovery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-240926 is the identifier assigned to this vulnerability.
References
Link Resource
https://github.com/magicwave18/vuldb/issues/1 Exploit Issue Tracking
https://vuldb.com/?ctiid.240926 Permissions Required Third Party Advisory
https://vuldb.com/?id.240926 Third Party Advisory
https://github.com/magicwave18/vuldb/issues/1 Exploit Issue Tracking
https://vuldb.com/?ctiid.240926 Permissions Required Third Party Advisory
https://vuldb.com/?id.240926 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:rockoa:rockoa:1.1:*:*:*:*:*:*:*
cpe:2.3:a:rockoa:rockoa:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:rockoa:rockoa:15.x3amdi:*:*:*:*:*:*:*

History

21 Nov 2024, 08:41

Type Values Removed Values Added
References () https://github.com/magicwave18/vuldb/issues/1 - Exploit, Issue Tracking () https://github.com/magicwave18/vuldb/issues/1 - Exploit, Issue Tracking
References () https://vuldb.com/?ctiid.240926 - Permissions Required, Third Party Advisory () https://vuldb.com/?ctiid.240926 - Permissions Required, Third Party Advisory
References () https://vuldb.com/?id.240926 - Third Party Advisory () https://vuldb.com/?id.240926 - Third Party Advisory
CVSS v2 : 4.0
v3 : 7.5
v2 : 4.0
v3 : 4.3

04 Oct 2023, 11:30

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References (MISC) https://github.com/magicwave18/vuldb/issues/1 - (MISC) https://github.com/magicwave18/vuldb/issues/1 - Exploit, Issue Tracking
References (MISC) https://vuldb.com/?id.240926 - (MISC) https://vuldb.com/?id.240926 - Third Party Advisory
References (MISC) https://vuldb.com/?ctiid.240926 - (MISC) https://vuldb.com/?ctiid.240926 - Permissions Required, Third Party Advisory
CPE cpe:2.3:a:rockoa:rockoa:15.x3amdi:*:*:*:*:*:*:*
cpe:2.3:a:rockoa:rockoa:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:rockoa:rockoa:1.1:*:*:*:*:*:*:*
First Time Rockoa
Rockoa rockoa

29 Sep 2023, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-29 22:15

Updated : 2024-11-21 08:41


NVD link : CVE-2023-5296

Mitre link : CVE-2023-5296

CVE.ORG link : CVE-2023-5296


JSON object : View

Products Affected

rockoa

  • rockoa
CWE
CWE-640

Weak Password Recovery Mechanism for Forgotten Password