CVE-2022-24581

Published: Jun 2, 2022Modified: Jun 17, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software.

Affected (1)

Products: Aceware: Aceweb Online Portal

1 product

Aceweb Online Portal

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Aceware Aceweb Online Portal	Before 3.5.065

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (6)

http://aceware.com

Source: cve@mitre.org

Product

http://aceweb.com

Source: cve@mitre.org

Product

https://www.aceware.com/forum/viewtopic.php?f=7&t=481

Source: cve@mitre.org

Release NotesVendor Advisory

http://aceware.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

http://aceweb.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://www.aceware.com/forum/viewtopic.php?f=7&t=481

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.