PT-2023-25621 · Pos/ Dienstleistung · Cashit!

Daniel

+12

·

Publicado

2023-10-03

·

Atualizado

2023-12-28

·

CVE-2023-3655

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions cashIT! - serving solutions versions to 03.A06rks 2023.02.37
Description The issue affects devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" and allows for the leakage of the database, including system settings and user accounts. This can be triggered by an HTTP endpoint exposed to the network.
Recommendations For versions to 03.A06rks 2023.02.37, as a temporary workaround, consider restricting access to the exposed HTTP endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-749

Identificadores relacionados

CVE-2023-3655

Produtos afetados

Cashit!