Details of VAR-202106-2328

ID

VAR-202106-2328

TITLE

Kingdee Cloud·Xingkong has arbitrary file reading vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2021-34325

DESCRIPTION

Kingdee Cloud·Xingkong is a new generation of strategic enterprise management software developed by Kingdee Software (China) Co., Ltd. based on cutting-edge technologies such as cloud computing, big data, social networking, artificial intelligence, and the Internet of Things. Kingdee Cloud·Xingkong has an arbitrary file reading vulnerability, which can be exploited by attackers to obtain sensitive information.

Trust: 0.6

sources: CNVD: CNVD-2021-34325

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-34325

AFFECTED PRODUCTS

vendor:

kingdee

model:

cloud·xingkong

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2021-34325

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2021-34325
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2021-34325
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2021-34325

EXTERNAL IDS

db:

CNVD

id:

CNVD-2021-34325

Trust: 0.6

sources: CNVD: CNVD-2021-34325

SOURCES

db:

CNVD

id:

CNVD-2021-34325

LAST UPDATE DATE

2022-05-04T09:59:28.878000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2021-34325

date:

2021-05-13T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2021-34325

date:

2021-06-11T00:00:00