PT-2019-14036 · Microsoft+1 · Windows+1
Publicado
2019-08-28
·
Atualizado
2020-08-24
·
CVE-2019-15294
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Gallagher Command Centre version 8.10 before 8.10.1092(MR2)
Description
An issue was discovered where the Windows username and password for a custom service account are logged in cleartext to the Command centre.log file upon an upgrade, if the visitor management service is installed.
Recommendations
For Gallagher Command Centre version 8.10 before 8.10.1092(MR2), update to version 8.10.1092(MR2) or later to resolve the issue. As a temporary workaround, consider restricting access to the Command centre.log file to minimize the risk of exploitation.
Correção
Insertion into Log File
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Gallagher Command Centre
Windows