CVE-2021-34683

An issue was discovered in EXCELLENT INFOTEK CORPORATION (EIC) E-document System 3.0. A remote attacker can use kw/auth/bbs/asp/get_user_email_info_bbs.asp to obtain the contact information (name and e-mail address) of everyone in the entire organization. This information can allow remote attackers to perform social engineering or brute force attacks against the system login page.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
eice-document_system
3.0
𝑥
= Vulnerable software versions
References
https://github.com/ethancsyang/CveProject/tree/main/CVE-2021-34683
https://www.eic.com.tw/eicHome/pro00.html
https://github.com/ethancsyang/CveProject/tree/main/CVE-2021-34683
https://www.eic.com.tw/eicHome/pro00.html