Описание
Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 (b570 or above), A32.50 (b390 or above)
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:algosec:fireflow:a32.20:*:*:*:*:*:*:*
cpe:2.3:a:algosec:fireflow:a32.50:*:*:*:*:*:*:*
cpe:2.3:a:algosec:fireflow:a32.60:*:*:*:*:*:*:*
EPSS
Процентиль: 12%
0.00041
Низкий
5.9 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 5.9
github
больше 2 лет назад
Net-NTLM leak in Fireflow A32.20 and A32.50 allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks.
EPSS
Процентиль: 12%
0.00041
Низкий
5.9 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79