CVE-2023-48374 - Vulnerability Details - OpenCVE

SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service or obtain sensitive information.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00194.

Key SSVC decision points have not yet been added.

Vendors	Products
Csharp	Cws Collaborative Development Platform

Configuration 1 [-]

cpe:2.3:a:csharp:cws_collaborative_development_platform:10.25:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-52426	SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service or obtain sensitive information.

Fixes

Solution

Update to the latest version.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.twcert.org.tw/tw/cp-132-7593-d3e5b-1.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2023-12-15T07:39:47.814Z

Updated: 2024-08-02T21:30:34.432Z

Reserved: 2023-11-16T03:49:45.971Z

Link: CVE-2023-48374

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-12-15T08:15:44.563

Modified: 2024-11-21T08:31:35.610

Link: CVE-2023-48374

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-48374", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2023-11-16T03:49:45.971Z", "datePublished": "2023-12-15T07:39:47.814Z", "dateUpdated": "2024-08-02T21:30:34.432Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CWS Web-Base", "vendor": "SmartStar Software", "versions": [{"status": "affected", "version": "v10.25"}]}], "datePublic": "2023-12-15T07:40:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service or obtain sensitive information."}], "value": "SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service or obtain sensitive information."}], "impacts": [{"capecId": "CAPEC-70", "descriptions": [{"lang": "en", "value": "CAPEC-70: Try Common or Default Usernames and Passwords"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2023-12-15T07:39:47.814Z"}, "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7593-d3e5b-1.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to the latest version."}], "value": "Update to the latest version."}], "source": {"advisory": "TVN-202312004", "discovery": "EXTERNAL"}, "title": "SmartStar Software CWS Web-Base - Use of Hard-coded Credentials", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:30:34.432Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7593-d3e5b-1.html", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:csharp:cws_collaborative_development_platform:10.25:*:*:*:*:*:*:*", "matchCriteriaId": "10CC0021-D5D9-4794-9ABE-DF8F1B21F6A2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service or obtain sensitive information."}, {"lang": "es", "value": "SmartStar Software CWS es una plataforma de integraci\u00f3n basada en web, tiene la vulnerabilidad de utilizar un c\u00f3digo r\u00edgido para una cuenta espec\u00edfica con privilegios bajos. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad para ejecutar procesos parciales y obtener informaci\u00f3n parcial, pero no puede interrumpir el servicio ni obtener informaci\u00f3n confidencial."}], "id": "CVE-2023-48374", "lastModified": "2024-11-21T08:31:35.610", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "twcert@cert.org.tw", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-15T08:15:44.563", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-7593-d3e5b-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-7593-d3e5b-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "twcert@cert.org.tw", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}