PT-2023-6372 · Advantech · Advantech Webaccess

Elcazators

Publicado

2023-10-16

Atualizado

2024-10-24

CVE-2023-4215

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Advantech WebAccess version 9.1.3

Description The issue is related to an exposure of sensitive information to an unauthorized actor, which could lead to the leakage of user credentials. This is due to a lack of protection for service data. Exploitation of this issue may allow a remote attacker to disclose protected information.

Recommendations For Advantech WebAccess version 9.1.3, consider restricting access to sensitive information and user credentials until a patch or fix is available. As a temporary workaround, review and strengthen the protection of service data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Information Disclosure

Incorrect Privilege Assignment

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284CWE-1295CWE-200CWE-266

Identificadores relacionados

BDU:2023-07084

CVE-2023-4215

Produtos afetados

Advantech Webaccess

PT-2023-6372 · Advantech · Advantech Webaccess

CVE-2023-4215

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11