CVE-2023-2766
published 2023-05-17CVE-2023-2766: A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file…
PriorityP270high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
54.23%
98.9th percentile
A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229271. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| weaver | e-office | — | — |
| weaver | oa | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect exploitation attempts by monitoring HTTP GET requests to the sensitive config file path; a successful exploit returns HTTP 200 with Content-Type text/plain and body containing 'sdbuser =' and 'sdbpassword =' ↗
- →Use FOFA queries 'app="泛微-EOffice"' or 'app="泛微-eoffice"' to identify exposed Weaver OA instances on the internet ↗
- →No authentication is required; the attack is unauthenticated (PR:N, UI:N) and remotely exploitable over the network ↗
- ·The vulnerability has an extremely high EPSS score (0.91816, 99.689th percentile), indicating it is very likely being actively exploited in the wild ↗
- ·The vendor (Weaver) was contacted early about this disclosure but did not respond; no official patch confirmation is available ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Weaver OA 9.5 - Information Disclosure
nuclei·CVSS 7.5
CVE-2023-2766 [HIGH] Weaver OA 9.5 - Information Disclosure
Weaver OA 9.5 - Information Disclosure
A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely.
Template:
id: CVE-2023-2766
info:
name: Weaver OA 9.5 - Information Disclosure
author: DhiyaneshDK
severity: high
description: |
A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely.
remediation: |
Apply the latest security patches a
No writeups or analysis indexed.
2023-05-17
Published