CVE-2024-3689 LOW

CVE-2024-3689: Zhejiang Land Zongheng Network Technology O2OA information disclosure

Vendor Zhejiang Land Zongheng Network Technology
Product O2OA
Weakness CWE-200 · Info exposure
Published April 12, 2024
Last update August 20, 2024
View on NVD All CVEs

CVSS base score

3.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-260478 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

April 12, 2024 CVE published
August 20, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-52151 WordPress Uncanny Automator Plugin <= 5.1.0.2 is vulnerable to Sensitive Data Exposure CVE-2025-22612 Coolify Vulnerable to Private Key Enumeration on Onboarding resulting in Remote Command Execution (RCE) CVE-2022-23469 Authorization header displayed in the debug logs CVE-2025-14726 Widgets for Social Photo Feed <= 1.8 - Missing Authentication to Unauthenticated Plugin Settings Access/Update via trustindex_feed_hook_instagram REST API endpoints CVE-2018-3826