CVE-2024-3689 | Zhejiang Land Zongheng Network Technology O2OA up to 20240403 list information disclosure

A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure.

This vulnerability is traded as CVE-2024-3689. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-3689 | Zhejiang Land Zongheng Network Technology O2OA up to 20240403 list information disclosure

Post correlati

CVE-2024-1477 | aankit Easy Maintenance Mode Plugin up to 1.4.2 on WordPress REST API information disclosure

CVE-2024-22393 | Apache Answer up to 1.2.1 File Upload Pixel Flood resource consumption

CVE-2024-22257 | Vmware Spring Security up to 5.7.11/5.8.10/6.0.9/6.1.7/6.2.2 AuthenticatedVoter access control

CVE-2024-0506 | Elementor Website Builder Plugin up to 3.18.3 on WordPress get_image_alt cross site scripting