{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-34209","assignerOrgId":"256c161b-b921-402b-8c3b-c6c9c14d5d88","state":"PUBLISHED","assignerShortName":"ZUSO ART","dateReserved":"2023-05-30T09:41:32.477Z","datePublished":"2023-10-17T04:00:28.128Z","dateUpdated":"2024-09-13T18:05:39.995Z"},"containers":{"cna":{"affected":[{"defaultStatus":"affected","product":"MailHunter Ultimate","vendor":"EasyUse Digital Technology","versions":[{"lessThanOrEqual":"2023","status":"affected","version":"0","versionType":"custom"}]}],"datePublic":"2023-10-17T04:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter."}],"value":"Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-497","description":"CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"256c161b-b921-402b-8c3b-c6c9c14d5d88","shortName":"ZUSO ART","dateUpdated":"2023-10-17T04:00:28.128Z"},"references":[{"tags":["third-party-advisory"],"url":"https://zuso.ai/Advisory/ZA-2023-06"}],"source":{"defect":["ZA-2023-06"],"discovery":"EXTERNAL"},"title":"Exposure of Sensitive System Information to an Unauthorized Control Sphere in EasyUse MailHunter Ultimate","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T16:01:54.279Z"},"title":"CVE Program Container","references":[{"tags":["third-party-advisory","x_transferred"],"url":"https://zuso.ai/Advisory/ZA-2023-06"}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-13T17:37:11.061159Z","id":"CVE-2023-34209","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-13T18:05:39.995Z"}}]}}