Описание
Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page. NOTE: the vendor considers this a best-practice violation but not a vulnerability. The vendor plans to fix it at a future time
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:kentico:xperience:10.0.42:*:*:*:*:*:*:*
EPSS
Процентиль: 64%
0.00459
Низкий
7.2 High
CVSS3
4 Medium
CVSS2
Дефекты
CWE-522
Связанные уязвимости
CVSS3: 7.2
github
больше 3 лет назад
** DISPUTED ** Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page. NOTE: the vendor considers this a best-practice violation but not a vulnerability. The vendor plans to fix it at a future time.
EPSS
Процентиль: 64%
0.00459
Низкий
7.2 High
CVSS3
4 Medium
CVSS2
Дефекты
CWE-522