{"cve":{"cve_id":"CVE-2024-6737","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00616,"epss_percentile":0.44802,"epss_as_of":"2026-06-23","description":"The access control in the Electronic Official Document Management System from 2100 TECHNOLOGY  is not properly implemented, allowing remote attackers with regular privileges to access the account settings functionality and create an administrator account.","published_at":"2024-07-15T02:23:06.055000Z","last_modified_at":null,"cvss_v3_score":8.8,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"total","cwes":["CWE-284"],"nvd_references":["https://www.twcert.org.tw/tw/cp-132-7923-46df3-1.html","https://www.twcert.org.tw/en/cp-139-7924-85606-2.html"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T02:20:07.496563Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"2100-technology","vendor_name":"2100 Technology","product_slug":"electronic-official-document-management-system","product_name":"Electronic Official Document Management System","version_start":"all","version_start_inclusive":true,"version_end":"5.0.77","version_end_inclusive":false,"cpe23_uri":"cve5:2100-technology:electronic-official-document-management-system:all:5.0.77"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.twcert.org.tw/tw/cp-132-7923-46df3-1.html","source_type":"MISC","tags":[]},{"url":"https://www.twcert.org.tw/en/cp-139-7924-85606-2.html","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2024-07-15T02:23:06.055000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:39:59.661105Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:39:59.661105Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:39:59.661105Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T02:20:07.496563Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T02:20:07.496563Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T02:20:07.496563Z","label":"SSVC decision revised","source":"vulnrichment"}]}