PT-2019-11559 · Aquarius · Aquarius Cms

Publicado

2019-07-15

Atualizado

2020-08-24

CVE-2019-1010308

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Aquarius CMS versions prior to 4.1.1

Description: The issue concerns incorrect access control, allowing unrestricted access to the log file. This log file contains sensitive information, including passwords. The component affected is the log file, and the attack vector involves directly opening the file.

Recommendations: For versions prior to 4.1.1, update to version 4.1.1 or later to restrict access to the log file and prevent exposure of sensitive information.

Correção

Insufficiently Protected Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522

Identificadores relacionados

CVE-2019-1010308

Produtos afetados

Aquarius Cms

PT-2019-11559 · Aquarius · Aquarius Cms

CVE-2019-1010308

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4