CVE Details
Basic Information
| Title | Seeyon Zhiyuan OA Web Application System ThirdMenuController.class this.oursNetService.getData server-side request forgery |
|---|---|
| Type | cve |
| Published | 2025-05-25T01:31:06.324Z |
| Last Seen |
Product Information
| Vendor | Seeyon |
|---|---|
| Product | Zhiyuan OA Web Application System |
| Version | 8.1 SP2 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | The vulnerability in Seeyon Zhiyuan OA Web Application System allows remote attackers to perform server-side request forgery (SSRF) attacks by manipulating the URL argument in the getData function of the ThirdMenuController.class. This could potentially lead to unauthorized access to internal systems and data. The vendor has not responded to the disclosure. |
|---|---|
| AI Severity | Medium |
| Vendor | Seeyon |
| Product | Zhiyuan OA Web Application System |
| Affected Version | 8.1 SP2 |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-918 |
| Bulletin Family | |
| Source Data | Seeyon Zhiyuan OA Web Application System 8.1 SP2 |
Source Information
| Source Data | Seeyon Zhiyuan OA Web Application System 8.1 SP2 |
|---|---|
| Source Link |
Description
A vulnerability classified as critical has been found in Seeyon Zhiyuan OA Web Application System up to 8.1 SP2. This affects the function this.oursNetService.getData of the file com\ours\www\ehr\openPlatform1\open4ClientType\controller\ThirdMenuController.class. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score Summary
Base Score: 5.3 (MEDIUM)