TVN ID | TVN-202407020 |
---|---|
CVE ID | CVE-2024-7323 |
CVSS | 6.5 (Medium) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Affected Products | EasyFlow .NET V5.x V6.1.x V6.6.x |
Description | Digiwin EasyFlow .NET lacks proper access control for specific functionality, and the functionality do not adequately filter user input. A remote attacker with regular privilege can exploit this vulnerability to download arbitrary files from the remote server . |
Solution | For version V5.x and V6.1.x, please install the patch (released on 2024/05/20).For version V6.6.x, please update to version V6.6.17 or later. |
Credit | Huang Yu Ze (CHT Security) |
Public Date | 2024-08-01 |