Vulnerabilities > CVE-2021-34683 - Unspecified vulnerability in EIC E-Document System 3.0

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

eic

NVD

Published: 2021-06-16

Updated: 2024-11-21

Summary

An issue was discovered in EXCELLENT INFOTEK CORPORATION (EIC) E-document System 3.0. A remote attacker can use kw/auth/bbs/asp/get_user_email_info_bbs.asp to obtain the contact information (name and e-mail address) of everyone in the entire organization. This information can allow remote attackers to perform social engineering or brute force attacks against the system login page.

Vulnerable Configurations

Part	Description	Count
Application	Eic EIC E Document System 3.0	1

References

https://github.com/ethancsyang/CveProject/tree/main/CVE-2021-34683
https://github.com/ethancsyang/CveProject/tree/main/CVE-2021-34683
https://www.eic.com.tw/eicHome/pro00.html
https://www.eic.com.tw/eicHome/pro00.html