Описание
In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:nokia:1350_optical_management_system:14.2:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.003
Низкий
7.5 High
CVSS3
Дефекты
CWE-532
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs under /usr/Systems/OTNE_1_14_Master/maintenance/trace/web/.otn.default.log. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem.
EPSS
Процентиль: 53%
0.003
Низкий
7.5 High
CVSS3
Дефекты
CWE-532