PT-2019-13282 · Oxysoft · Knowage

Publicado

2019-08-28

·

Atualizado

2020-08-24

·

CVE-2019-13348

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Knowage versions prior to 6.1.2
Description The issue allows an authenticated user who accesses the datasources page to gain access to any data source credentials in cleartext, including databases.
Recommendations For versions prior to 6.1.2, update to version 6.1.2 or later to resolve the issue.

Exploit

Correção

Insufficiently Protected Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522

Identificadores relacionados

CVE-2019-13348

Produtos afetados

Knowage