CHOCO TEI WATCHER MINI VULNERABILITY

MEDIUM (4.3) No Patch
cwe-1021aenrichchoco-tei-watcher-miniib-mct001vulnerability-injectionweb-monitoring-tool

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

How we test →

What is it?

CHOCO TEI WATCHER mini is a software tool used for monitoring and managing web-based content. It's designed to provide real-time updates on web pages, allowing users to quickly identify and respond to changes. However, this vulnerability allows attackers to execute unintended operations on the product by clicking on malicious content while logged in.

Am I affected?

You're affected if you use CHOCO TEI WATCHER mini version 1.0 or earlier. To check if your instance is vulnerable, run the following command:

find / -name "ib-mct001.jar" 2>/dev/null

Note that this vulnerability is specific to CHOCO TEI WATCHER mini and not related to other similar products.

Affected Products

aEnrich / CHOCO TEI WATCHER mini

How to fix

To fix this vulnerability, update to version 1.1 or later. You can download the patched version from:

  • The official CHOCO TEI WATCHER mini website (no public patch link available in the advisory)

Immediate mitigations:

  • Restrict network access to your CHOCO TEI WATCHER mini instance (firewall it from the public internet)
  • Audit admin account activity for suspicious access patterns
  • Monitor for unauthorized changes

References