CVE-2023-5296

Name of the Vulnerable Software and Affected Versions Xinhu RockOA versions 1.1 through 2.3.2 Xinhu RockOA version 15.X3amdi

Description A vulnerability was found in the Password Handler component of Xinhu RockOA, affecting some unknown functionality of the file api.php?m=reimplat&a=index. This issue leads to weak password recovery and can be exploited remotely.

Recommendations For Xinhu RockOA versions 1.1 through 2.3.2, consider disabling the api.php?m=reimplat&a=index endpoint until a patch is available. For Xinhu RockOA version 15.X3amdi, consider restricting access to the Password Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.