Advent/SSC Inc. Tamale RMS < 23.1 is vulnerable to Directory Traversal. If one traverses to the affected URL, one enumerates Contact information on the host which contains usernames, e-mail addresses, and other internal information stored within the web app.
References
Link | Resource |
---|---|
https://cve.report/CVE-2023-33524 | Third Party Advisory |
https://gist.github.com/barrett092/9ed092e4b14b9145f4d046556eb9dab7 | Third Party Advisory |
https://www.advent.com/resources/all-resources/info-kit-tamale-rms-for-asset-owners/ | Product |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-06-05T00:00:00
Updated: 2023-06-06T00:00:00
Reserved: 2023-05-22T00:00:00
Link: CVE-2023-33524
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-06-05T17:15:08.940
Modified: 2023-06-09T22:54:48.677
Link: CVE-2023-33524
JSON object: View
Redhat Information
No data.
CWE