A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. This vulnerability affects unknown code of the file general/hr/setting/attendance/leave/data.php of the component Annual Leave Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
History

Mon, 04 Nov 2024 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Tongda2000
Tongda2000 office Anywhere
Weaknesses CWE-862
CPEs cpe:2.3:a:tongda2000:office_anywhere:*:*:*:*:*:*:*:*
Vendors & Products Tongda2000
Tongda2000 office Anywhere

Fri, 01 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Tongda
Tongda oa 2017
CPEs cpe:2.3:a:tongda:oa_2017:*:*:*:*:*:*:*:*
Vendors & Products Tongda
Tongda oa 2017
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 31 Oct 2024 21:45:00 +0000

Type Values Removed Values Added
Description A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. This vulnerability affects unknown code of the file general/hr/setting/attendance/leave/data.php of the component Annual Leave Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Title Tongda OA Annual Leave data.php improper authorization
Weaknesses CWE-285
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-10-31T21:31:04.186Z

Updated: 2024-11-01T14:36:22.768Z

Reserved: 2024-10-31T15:24:59.187Z

Link: CVE-2024-10598

cve-icon Vulnrichment

Updated: 2024-11-01T14:36:16.263Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-31T22:15:02.960

Modified: 2024-11-04T19:44:05.513

Link: CVE-2024-10598

cve-icon Redhat

No data.