Описание
Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:escanav:escan_management_console:14.0.1400.2281:*:*:*:*:*:*:*
EPSS
Процентиль: 78%
0.0119
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-319
CWE-319
Связанные уязвимости
CVSS3: 9.8
github
больше 2 лет назад
Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format.
EPSS
Процентиль: 78%
0.0119
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-319
CWE-319