Описание
Aenovo products (1) aeNovo, (2) aeNovoShop, and (3) aeNovoWYSI store password information in plaintext in the (a) control, (b) content, and (c) page tables, which allows attackers with database access to obtain those passwords and gain privileges.
Ссылки
- Vendor Advisory
- ExploitVendor Advisory
- Vendor Advisory
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:aenovo:aenovo:*:*:*:*:*:*:*:*
cpe:2.3:a:aenovo:aenovoshop:*:*:*:*:*:*:*:*
cpe:2.3:a:aenovo:aenovowysi:*:*:*:*:*:*:*:*
EPSS
Процентиль: 26%
0.0009
Низкий
4.6 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Aenovo products (1) aeNovo, (2) aeNovoShop, and (3) aeNovoWYSI store password information in plaintext in the (a) control, (b) content, and (c) page tables, which allows attackers with database access to obtain those passwords and gain privileges.
EPSS
Процентиль: 26%
0.0009
Низкий
4.6 Medium
CVSS2
Дефекты
NVD-CWE-Other