PT-2024-31239 · Unknown · Shenzhou News Union Enterprise Management System
Published: 2024-08-28 · Updated: 2024-11-15 · CVE-2024-44760
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Shenzhou News Union Enterprise Management System versions 5.0 through 18.8
Description
The issue is related to incorrect access control in the component /servlet/SnoopServlet, allowing attackers to access sensitive information regarding the server.
Recommendations
For versions 5.0 through 18.8, consider disabling access to the /servlet/SnoopServlet component until a patch is available to prevent unauthorized access to sensitive server information.
Exploit
Fix
Incorrect Default Permissions
Weakness Enumeration
Related Identifiers
Affected Products
Shenzhou News Union Enterprise Management System