PT-2024-38686 · Anhui Deshun Intelligent Technology · Jielink+ Jsotc2016

Sanbao

Published

2024-08-18

Updated

2024-08-23

CVE-2024-7919

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805

Description A critical issue has been found in the processing of the file /report/ParkChargeRecord/GetDataList, leading to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805, patch immediately and review access permissions to mitigate the risk of remote exploitation. As a temporary workaround, consider restricting access to the /report/ParkChargeRecord/GetDataList file until a patch is available.

Exploit

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2024-7919

Affected Products

Jielink+ Jsotc2016

PT-2024-38686 · Anhui Deshun Intelligent Technology · Jielink+ Jsotc2016

CVE-2024-7919

Weakness Enumeration

Related Identifiers

Affected Products

References · 15