CVE-2023-2766
published 2023-05-17


Priority P270 · high · 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EXPLOIT
EPSS: 54.23% (98.9th percentile)
A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229271. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
weaver | e-office | - | -
weaver | oa | - | -

Detection & IOCs (extracted from sources)

path: /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini
url: {{BaseURL}}/building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini
other: sdbuser =
other: sdbpassword =
  • Detect exploitation attempts by monitoring HTTP GET requests to the sensitive config file path; a successful exploit returns HTTP 200 with Content-Type text/plain and body containing 'sdbuser =' and 'sdbpassword ='
  • Use FOFA queries 'app="泛微-EOffice"' or 'app="泛微-eoffice"' to identify exposed Weaver OA instances on the internet
  • No authentication is required; the attack is unauthenticated (PR:N, UI:N) and remotely exploitable over the network
  • The vulnerability has an extremely high EPSS score (0.91816, 99.689th percentile), indicating it is very likely being actively exploited in the wild
  • The vendor (Weaver) was contacted early about this disclosure but did not respond; no official patch confirmation is available
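
One way to apply the first detection note above to reverse-proxy or WAF records that capture response metadata, as an added example (not code from the advisory or the vendor). The record fields (`method`, `target`, `status`, `content_type`, `body`), the sample records, and the case-insensitive path comparison are assumptions.

```python
import posixpath
import re
from urllib.parse import unquote

# Path and body markers as listed in the advisory above.
SENSITIVE_PATH = "/building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini"
MARKERS = ("sdbuser =", "sdbpassword =")


def normalize_path(target: str) -> str:
    """Strip query/fragment, percent-decode, resolve '..' and '//', lowercase."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    # Assumption: the server resolves paths case-insensitively.
    return ("/" + posixpath.normpath(path).lstrip("/")).lower()


def classify(tx: dict) -> str:
    """Return 'none', 'attempt' or 'disclosure' for one logged HTTP transaction."""
    if tx["method"].upper() != "GET" or normalize_path(tx["target"]) != SENSITIVE_PATH:
        return "none"
    body = tx.get("body", "")
    leaked = (
        tx["status"] == 200
        and tx.get("content_type", "").lower().startswith("text/plain")
        and all(marker in body for marker in MARKERS)
    )
    return "disclosure" if leaked else "attempt"


def redact(body: str) -> str:
    """Mask credential values so the alert itself does not store them."""
    return re.sub(r"(?m)^([ \t]*sdb(?:user|password)[ \t]*=).*$", r"\1 [REDACTED]", body)


# Constructed sample records (not real traffic).
SAMPLE = [
    {"method": "GET", "target": "/index.php", "status": 200,
     "content_type": "text/html", "body": "<html>"},
    {"method": "GET", "target": SENSITIVE_PATH, "status": 404,
     "content_type": "text/html", "body": ""},
    {"method": "GET", "status": 200, "content_type": "text/plain; charset=utf-8",
     "target": "//building/backmgr/urlpage/mobileurl/configfile/%6Ax2_config.ini?x=1",
     "body": "[db]\nsdbuser = example_user\nsdbpassword = example_pass\n"},
]

if __name__ == "__main__":
    for tx in SAMPLE:
        print(classify(tx), normalize_path(tx["target"]))
```

A `disclosure` result means the database credentials in the file should be treated as compromised and rotated; an `attempt` result is still worth alerting on, since the request needs no authentication.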

CVSS provenance

nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N