ITPison OMICARD EDM 's SMS - Path Traversal
CVE-2023-48373

7.5HIGH

Key Information:

Vendor: Itpison
Status: Omicard Edm 's Sms
Vendor: CVE Published:; 15 December 2023

What is CVE-2023-48373?

The OMICARD EDM from ITPison contains a vulnerability within the 'FileName' parameter that allows for path traversal. By manipulating this parameter, an unauthenticated remote attacker can bypass authentication mechanisms and gain access to sensitive files on the system, potentially leading to unauthorized information disclosure. It is crucial for users of this product to implement security measures to mitigate this risk.

Affected Version(s)

OMICARD EDM 's SMS v6.0.1.5

References

https://www.twcert.org.tw/tw/cp-132-7592-998bf-1.html

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 15, 2023
Vulnerability Reserved
Nov 16, 2023

CVE-2023-48373 Data

JSON

Itpison

What is CVE-2023-48373?

Affected Version(s)

References

CVSS V3.1

Timeline