Arbitrary File Read Vulnerability in YonBIP by Yonyou
CVE-2023-51926

7.5HIGH

Key Information:

Vendor

Yonyou

Status
Yonbip
Vendor
CVE Published:
20 January 2024

What is CVE-2023-51926?

The YonBIP v3_23.05 product by Yonyou is impacted by a vulnerability that allows for arbitrary file reading through the component nc.bs.framework.comn.serv.CommonServletDispatcher. This flaw may enable unauthorized users to access sensitive files within the system, posing a significant security threat. Organizations utilizing this version of YonBIP should prioritize remedial actions to safeguard their data integrity and confidentiality.

References

https://www.yonyou.com/
http://yonbip.com
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/m...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2023-51926 : Arbitrary File Read Vulnerability in YonBIP by Yonyou