CVE-2021-34683

EUVD-2021-21333
An issue was discovered in EXCELLENT INFOTEK CORPORATION (EIC) E-document System 3.0. A remote attacker can use kw/auth/bbs/asp/get_user_email_info_bbs.asp to obtain the contact information (name and e-mail address) of everyone in the entire organization. This information can allow remote attackers to perform social engineering or brute force attacks against the system login page.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
Affected Products (NVD)
VendorProductVersion
eice-document_system
3.0
𝑥
= Vulnerable software versions
References
https://github.com/ethancsyang/CveProject/tree/main/CVE-2021-34683
https://www.eic.com.tw/eicHome/pro00.html
https://github.com/ethancsyang/CveProject/tree/main/CVE-2021-34683
https://www.eic.com.tw/eicHome/pro00.html