{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T14:33:15.262","vulnerabilities":[{"cve":{"id":"CVE-2024-26261","sourceIdentifier":"twcert@cert.org.tw","published":"2024-02-15T03:15:35.083","lastModified":"2025-01-23T19:56:10.270","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being downloaded."},{"lang":"es","value":"La funcionalidad para descargar archivos en ciertos módulos de HGiga OAKlouds contiene una vulnerabilidad de lectura y eliminación arbitraria de archivos. Los atacantes pueden poner la ruta del archivo en parámetros de solicitud específicos, lo que les permite descargar el archivo sin iniciar sesión. Además, el archivo se eliminará después de descargarlo."}],"metrics":{"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hgiga:oaklouds-organization-2.0:*:*:*:*:*:*:*:*","versionEndExcluding":"188","matchCriteriaId":"9BDDE14F-3BD2-4AF2-AAFF-BF238F360860"},{"vulnerable":true,"criteria":"cpe:2.3:a:hgiga:oaklouds-organization-3.0:*:*:*:*:*:*:*:*","versionEndExcluding":"188","matchCriteriaId":"20A6F111-728D-45DE-B7EC-1C3BC9542F78"},{"vulnerable":true,"criteria":"cpe:2.3:a:hgiga:oaklouds-webbase-2.0:*:*:*:*:*:*:*:*","versionEndExcluding":"1051","matchCriteriaId":"C52C10C8-08A1-4CDC-8309-C3F874EBEFF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:hgiga:oaklouds-webbase-3.0:*:*:*:*:*:*:*:*","versionEndExcluding":"1051","matchCriteriaId":"B80523EB-F1BE-4F09-9613-F7CE2F556056"}]}]}],"references":[{"url":"https://www.chtsecurity.com/news/e456f679-9091-4de4-8f78-9262d20d6a96","source":"twcert@cert.org.tw","tags":["Third Party Advisory"]},{"url":"https://www.twcert.org.tw/tw/cp-132-7674-bdb40-1.html","source":"twcert@cert.org.tw","tags":["Third Party Advisory"]},{"url":"https://www.chtsecurity.com/news/e456f679-9091-4de4-8f78-9262d20d6a96","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.twcert.org.tw/tw/cp-132-7674-bdb40-1.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}