Jinan Chicheng Company JFlow 2.0.0 Attachment EntityMutliFile_Load.do AttachmentUploadController oid amalungelo andlule
| CVSS Meta Temp Isilinganiso | Intengo yamanje ye-exploit (≈) | CTI Inzalo Score |
|---|---|---|
| 4.1 | $0-$5k | 0.12 |
Isifinyezo
Kukhona ubuthakathaka obubizwa ngokuthi kuyinkinga obutholakele ku Jinan Chicheng Company JFlow 2.0.0. Kuthinteka umsebenzi AttachmentUploadController kufayela /WF/Ath/EntityMutliFile_Load.do kwe-component Attachment Handler. Ukusebenzisa kwepharamitha oid kuholela ku amalungelo andlule.
Lokhu buthakathaka kuthengiswa njenge CVE-2024-9003. Kuyenzeka ukuqala ukuhlasela kude. Ngaphezu kwalokho, kukhona i-exploit etholakalayo.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Iinkcukacha
Kukhona ubuthakathaka obubizwa ngokuthi kuyinkinga obutholakele ku Jinan Chicheng Company JFlow 2.0.0. Kuthinteka umsebenzi AttachmentUploadController kufayela /WF/Ath/EntityMutliFile_Load.do kwe-component Attachment Handler. Ukusebenzisa kwepharamitha oid kuholela ku amalungelo andlule. Ukusebenzisa i-CWE ukukhomba inkinga kuholela ku-CWE-284. Ubuthakathaka babikwa. Isaziso sabelwe ukuthi singalayishwa ku-github.com.
Lokhu buthakathaka kuthengiswa njenge CVE-2024-9003. Kuyenzeka ukuqala ukuhlasela kude. Kukhona imininingwane yezobuchwepheshe etholakalayo. Udumo lwalobu buthakathi luphansi kunokujwayelekile. Ngaphezu kwalokho, kukhona i-exploit etholakalayo. Ukuhlaselwa sekudalulwe emphakathini futhi kungasetshenziswa. Okwamanje, intengo yamanje ye-exploit ingaba cishe USD $0-$5k ngalesi sikhathi.
Kuyenzeka ukulanda i-exploit ku-github.com.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Umkhiqizo
Umkhiqizi
Ibizo
Inguqulo
CPE 2.3
CPE 2.2
CVSSv4
VulDB Umkhombandlela: 🔍VulDB Ukuthembeka: 🔍
CVSSv3
VulDB Ireyithingi yeMeta Base: 4.3VulDB Meta Temp Isilinganiso: 4.1
VulDB Isilinganiso Esiyisisekelo: 4.3
VulDB Izinga Lesikhashana: 3.9
VulDB Umkhombandlela: 🔍
VulDB Ukuthembeka: 🔍
CNA Isilinganiso Esiyisisekelo: 4.3
CNA Umkhombandlela: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Umkhombandlela | Ubunzima | Ukufakazela ubuwena | Ukuyimfihlo | Ukuthembeka | Ukutholakala |
|---|---|---|---|---|---|
| vula ukufinyelela | vula ukufinyelela | vula ukufinyelela | vula ukufinyelela | vula ukufinyelela | vula ukufinyelela |
| vula ukufinyelela | vula ukufinyelela | vula ukufinyelela | vula ukufinyelela | vula ukufinyelela | vula ukufinyelela |
| vula ukufinyelela | vula ukufinyelela | vula ukufinyelela | vula ukufinyelela | vula ukufinyelela | vula ukufinyelela |
VulDB Isilinganiso Esiyisisekelo: 🔍
VulDB Izinga Lesikhashana: 🔍
VulDB Ukuthembeka: 🔍
Ukusebenzisa ithuba lokungavikeleki
Ikilasi: Amalungelo andluleCWE: CWE-284 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Okubambekayo: Hayi
Wendawo: Hayi
Kude: Yebo
Ukutholakala: 🔍
Umnyango: Umphakathi
Isimo: Ubufakazi-bokusebenza
Landa: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Ukukhula kwentengo: 🔍
Okwamanje ukuhlolwa kwentengo: 🔍
| 0-Day | vula ukufinyelela | vula ukufinyelela | vula ukufinyelela | vula ukufinyelela |
|---|---|---|---|---|
| Namuhla | vula ukufinyelela | vula ukufinyelela | vula ukufinyelela | vula ukufinyelela |
Ulwazi lwezingozi
Intshisekelo: 🔍Abadlali abasebenzayo: 🔍
AmaQembu e-APT asebenzayo: 🔍
Izinyathelo zokuvikela
Isincomo: akukho sithathwa esaziwayoIsimo: 🔍
0-Suku Isikhathi: 🔍
Isikhathi somlando
2024-09-19 🔍2024-09-19 🔍
2024-09-20 🔍
Imithombo
Iseluleko: github.comIsimo: Akuchazwanga
CVE: CVE-2024-9003 (🔍)
GCVE (CVE): GCVE-0-2024-9003
GCVE (VulDB): GCVE-100-278153
scip Labs: https://www.scip.ch/en/?labs.20161013
Ukungena
Kudalwa: 2024-09-19 16:32Ukuvuselelwa: 2024-09-20 10:45
Ukulungiswa: 2024-09-19 16:32 (58), 2024-09-20 10:45 (19)
Kugcwele: 🔍
Umthumeli: hexixi
Cache ID: 253:59E:103
Thumela
Yamukelwa
- Thumela #406225: Jinan galloping information technology Co., LTD JFlow 2.0.0 Exposure of Access Control List Files to an Unauthorized Control (kusuka ku hexixi)
Kuze kube manje akukabikho ukuphawula. Izilimi: nr + nd + en.
Ngiyacela ungene ngemvume ukuze ukwazi ukuphawula.