CVE-2023-23327

EUVD-2023-27427
An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the web server without access controls.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
Affected Products (NVD)
VendorProductVersion
avantfaxavantfax
3.3.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://avantfax.com
https://github.com/superkojiman/vulnerabilities/blob/master/AvantFAX-3.3.7/README.md
http://avantfax.com
https://github.com/superkojiman/vulnerabilities/blob/master/AvantFAX-3.3.7/README.md
https://github.com/superkojiman/vulnerabilities/blob/master/AvantFAX-3.3.7/README.md