Описание
An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:atvise:atvise:3.5.4:*:*:*:*:*:*:*
cpe:2.3:a:atvise:atvise:3.6:*:*:*:*:*:*:*
cpe:2.3:a:atvise:atvise:3.7:*:*:*:*:*:*:*
EPSS
Процентиль: 30%
0.00111
Низкий
5.9 Medium
CVSS3
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-319
CWE-522
Связанные уязвимости
CVSS3: 5.9
github
больше 3 лет назад
An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
EPSS
Процентиль: 30%
0.00111
Низкий
5.9 Medium
CVSS3
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-319
CWE-522