CWS
by EtherTokens
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-48376 | 0.00 | — | 0.01 | Dec 15, 2023 | SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt… | |||
| CVE-2023-48375 | 0.00 | — | 0.01 | Dec 15, 2023 | SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated with normal user privilege can execute… | |||
| CVE-2023-48374 | 0.00 | — | 0.01 | Dec 15, 2023 | SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't… | |||
| CVE-2018-13664 | 0.00 | — | 0.01 | Jul 9, 2018 | The mintToken function of a smart contract implementation for CWS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
- CVE-2023-48376Dec 15, 2023risk 0.00cvss —epss 0.01
SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt…
- CVE-2023-48375Dec 15, 2023risk 0.00cvss —epss 0.01
SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated with normal user privilege can execute…
- CVE-2023-48374Dec 15, 2023risk 0.00cvss —epss 0.01
SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't…
- CVE-2018-13664Jul 9, 2018risk 0.00cvss —epss 0.01
The mintToken function of a smart contract implementation for CWS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.