Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Zhejiang Land Zongheng Network Technology O2OA information disclosure
Vulnerability Description
A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-260478 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
O2OA 信息泄露漏洞
Vulnerability Description
LanDe Network O2oa是中国兰德网络(LanDe Network)公司的一个 Oa 办公系统。 O2OA 20240403及之前版本中存在信息泄露漏洞,该漏洞源于文件/x_portal 的未知功能会导致信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A