Vulnerability Description
The access control in the Electronic Official Document Management System from 2100 TECHNOLOGY is not properly implemented, allowing remote attackers with regular privileges to access the account settings functionality and create an administrator account.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Electronic Official Document Management System Project | Electronic Official Document Management System | < 5.0.77 |
Related Weaknesses (CWE)
References
- https://www.twcert.org.tw/en/cp-139-7924-85606-2.htmlThird Party Advisory
- https://www.twcert.org.tw/tw/cp-132-7923-46df3-1.htmlThird Party Advisory
- https://www.twcert.org.tw/en/cp-139-7924-85606-2.htmlThird Party Advisory
- https://www.twcert.org.tw/tw/cp-132-7923-46df3-1.htmlThird Party Advisory
FAQ
What is CVE-2024-6737?
CVE-2024-6737 is a vulnerability with a CVSS score of 8.8 (HIGH). The access control in the Electronic Official Document Management System from 2100 TECHNOLOGY is not properly implemented, allowing remote attackers with regular privileges to access the account sett...
How severe is CVE-2024-6737?
CVE-2024-6737 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-6737?
Check the references section above for vendor advisories and patch information. Affected products include: Electronic Official Document Management System Project Electronic Official Document Management System.