CVE-2024-3689

Summary

CVE-2024-3689 is a newly disclosed vulnerability affecting Zhejiang Land Zongheng Network Technology O2OA up to version 20240403. This issue lies within an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43fvfe3. Manipulation of this function results in information disclosure, posing a risk for remote attackers. The complexity of an attack is rather high, and the exploitability is considered difficult. Regrettably, the public now has access to the exploit, making it a significant concern for organizations using the affected software. VDB-260478 is the identifier assigned to this vulnerability, and unfortunately, the vendor did not respond to early notifications about the disclosure.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.