{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2024-6737",
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "state": "PUBLISHED",
        "assignerShortName": "twcert",
        "dateReserved": "2024-07-15T02:05:03.242Z",
        "datePublished": "2024-07-15T02:23:06.055Z",
        "dateUpdated": "2024-08-01T21:41:04.596Z"
    },
    "containers": {
        "cna": {
            "affected": [
                {
                    "defaultStatus": "unaffected",
                    "product": "Electronic Official Document Management System",
                    "vendor": "2100 TECHNOLOGY",
                    "versions": [
                        {
                            "lessThan": "5.0.77",
                            "status": "affected",
                            "version": "all",
                            "versionType": "custom"
                        }
                    ]
                }
            ],
            "datePublic": "2024-07-15T02:16:00.000Z",
            "descriptions": [
                {
                    "lang": "en",
                    "supportingMedia": [
                        {
                            "base64": false,
                            "type": "text/html",
                            "value": "The access control in the Electronic Official Document Management System from 2100 TECHNOLOGY  is not properly implemented, allowing remote attackers with regular privileges to access the account settings functionality and create an administrator account."
                        }
                    ],
                    "value": "The access control in the Electronic Official Document Management System from 2100 TECHNOLOGY  is not properly implemented, allowing remote attackers with regular privileges to access the account settings functionality and create an administrator account."
                }
            ],
            "impacts": [
                {
                    "capecId": "CAPEC-1",
                    "descriptions": [
                        {
                            "lang": "en",
                            "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                        }
                    ]
                }
            ],
            "metrics": [
                {
                    "cvssV3_1": {
                        "attackComplexity": "LOW",
                        "attackVector": "NETWORK",
                        "availabilityImpact": "HIGH",
                        "baseScore": 8.8,
                        "baseSeverity": "HIGH",
                        "confidentialityImpact": "HIGH",
                        "integrityImpact": "HIGH",
                        "privilegesRequired": "LOW",
                        "scope": "UNCHANGED",
                        "userInteraction": "NONE",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                        "version": "3.1"
                    },
                    "format": "CVSS",
                    "scenarios": [
                        {
                            "lang": "en",
                            "value": "GENERAL"
                        }
                    ]
                }
            ],
            "problemTypes": [
                {
                    "descriptions": [
                        {
                            "cweId": "CWE-284",
                            "description": "CWE-284: Improper Access Control",
                            "lang": "en",
                            "type": "CWE"
                        }
                    ]
                }
            ],
            "providerMetadata": {
                "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
                "shortName": "twcert",
                "dateUpdated": "2024-07-15T02:23:06.055Z"
            },
            "references": [
                {
                    "tags": [
                        "third-party-advisory"
                    ],
                    "url": "https://www.twcert.org.tw/tw/cp-132-7923-46df3-1.html"
                },
                {
                    "tags": [
                        "third-party-advisory"
                    ],
                    "url": "https://www.twcert.org.tw/en/cp-139-7924-85606-2.html"
                }
            ],
            "solutions": [
                {
                    "lang": "en",
                    "supportingMedia": [
                        {
                            "base64": false,
                            "type": "text/html",
                            "value": " Updated to 5.0.77 or later versions. (released on 112/04/20) "
                        }
                    ],
                    "value": "Updated to 5.0.77 or later versions. (released on 112/04/20)"
                }
            ],
            "source": {
                "advisory": "TVN-202407003",
                "discovery": "EXTERNAL"
            },
            "title": "2100 TECHNOLOGY Electronic Official Document Management System - Broken Access Control",
            "x_generator": {
                "engine": "Vulnogram 0.2.0"
            }
        },
        "adp": [
            {
                "affected": [
                    {
                        "vendor": "2100technology",
                        "product": "electronic_official_document_management_system",
                        "cpes": [
                            "cpe:2.3:a:2100technology:electronic_official_document_management_system:*:*:*:*:*:*:*:*"
                        ],
                        "defaultStatus": "unaffected",
                        "versions": [
                            {
                                "version": "0",
                                "status": "affected",
                                "lessThan": "5.0.77",
                                "versionType": "custom"
                            }
                        ]
                    }
                ],
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "timestamp": "2024-07-15T13:11:16.046635Z",
                                "id": "CVE-2024-6737",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "total"
                                    }
                                ],
                                "role": "CISA Coordinator",
                                "version": "2.0.3"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-07-15T13:25:00.580Z"
                }
            },
            {
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-08-01T21:41:04.596Z"
                },
                "title": "CVE Program Container",
                "references": [
                    {
                        "tags": [
                            "third-party-advisory",
                            "x_transferred"
                        ],
                        "url": "https://www.twcert.org.tw/tw/cp-132-7923-46df3-1.html"
                    },
                    {
                        "tags": [
                            "third-party-advisory",
                            "x_transferred"
                        ],
                        "url": "https://www.twcert.org.tw/en/cp-139-7924-85606-2.html"
                    }
                ]
            }
        ]
    }
}