exploitDog

CVE-2024-25654

Опубликовано: 18 мар. 2024

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

Insecure permissions for log files of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allow members (with local access to the UMP application server) to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database.

Ссылки

https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25654
Exploit
Third Party Advisory
https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25654
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:avsystem:unified_management_platform:23.07.0.16567:*:*:*:lts:*:*:*

EPSS

Процентиль: 8%

0.00028

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-532

CWE-276

Связанные уязвимости

GHSA-3phv-44jf-4v33

CVSS3: 5.5

github

почти 2 года назад

Insecure permissions for log files of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allow members (with local access to the UMP application server) to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database.

EPSS

Процентиль: 8%

0.00028

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-532

CWE-276