> About Author
Hi, I'm Sharon, a product manager at Chaitin Tech. We build SafeLine, an open-source Web Application Firewall built for real-world threats. While SafeLine focuses on HTTP-layer protection, our emergency response center monitors and responds to RCE and authentication vulnerabilities across the stack to help developers stay safe.
Seeyon OA is a widely used enterprise Office Automation (OA) platform that helps organizations streamline daily tasks and workflow management.
Recently, Seeyon released a new patch addressing a critical front-end vulnerability that allows attackers to reset any user’s password without authentication.
Chaitin Tech’s emergency response team analyzed the issue and confirmed that many internet-facing Seeyon OA systems remain unpatched and exploitable. To help defenders, they have released a harmless X-POC remote scanner and a CloudWalker local detection tool that are publicly available.
Vulnerability Description
A password reset API in Seeyon OA can be accessed without authentication.
By sending a crafted request, attackers can change the password of any user account — including privileged admin accounts.
This gives attackers a direct path to hijack corporate OA systems.
Detection Tools
X-POC Remote Detection
Command:
./xpoc -r 406 -t http://xpoc.org
Download:
CloudWalker Local Detection
Command:
seeyon_oa_resetpass_ct_868971_scanner_windows_amd64.exe
Download:
Affected Versions
- V5/G6
- V8.1 SP2
- V8.2
Solutions
Temporary Mitigation
Apply network ACLs to restrict access — e.g., only allow trusted IP ranges to reach Seeyon OA systems.
Official Fix
Seeyon has released an official patch:
🔗 Patch Download (Official Site)
Product Support
- Yuntu: Supports fingerprint recognition & POC detection
- Dongjian: Supports custom POC detection
- SafeLine WAF: Virtual patch released, blocks exploitation attempts
- Quanxi: Rule updates released, detects this vulnerability
- CloudWalker: Users on platform 23.05.001+ can download the emergency vulnerability intel pack (EMERVULN-23.09.007) to detect exploitation attempts. Older versions should contact CloudWalker support.
Timeline
- Sept 6 – Seeyon OA published official patch
- Sept 7 – Chaitin Emergency Lab analyzed and reproduced the vulnerability
- Sept 7 – Chaitin Security Response Center released advisory
Join the SafeLine Community
If you continue to experience issues, feel free to contact SafeLine support for further assistance.