CVE-2022-47076

An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to view sensitive information via DisplayParallelLogData.aspx.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
smartofficepayrollsmartoffice
𝑥
≤ 20.28
𝑥
= Vulnerable software versions
References
http://packetstormsecurity.com/files/173093/Smart-Office-Web-20.28-Information-Disclosure-Insecure-Direct-Object-Reference.html
https://cvewalkthrough.com/smart-office-suite-cve-2022-47076-cve-2022-47075/
https://cvewalkthrough.com/smart-office-suite-unauthenticated-data-ex/
https://youtu.be/D42upepxzwM
http://packetstormsecurity.com/files/173093/Smart-Office-Web-20.28-Information-Disclosure-Insecure-Direct-Object-Reference.html
https://cvewalkthrough.com/smart-office-suite-cve-2022-47076-cve-2022-47075/
https://cvewalkthrough.com/smart-office-suite-unauthenticated-data-ex/
https://youtu.be/D42upepxzwM