PT-2025-34601 · Unknown · Minova Tta

Stefan Mettler

Published: 2025-08-25

Updated: 2025-08-25

CVE-2025-7426

CVSS v4.0: 9.3 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions: MINOVA TTA version 11.17.0
Description: The MINOVA TTA service exposes FTP authentication credentials through debug port 1604, allowing unauthenticated remote access to active FTP accounts containing sensitive internal data and import structures. Debug ports 1602, 1603, and 1636 also expose service architecture information and system activity logs. In environments where the FTP server is integrated into automated business processes such as EDI or data integration, this could lead to data manipulation, extraction, or abuse.
Recommendations: MINOVA TTA version 11.17.0: Isolate or disable debug ports 1602, 1603, 1604, and 1636. MINOVA TTA version 11.17.0: Rotate FTP credentials.

Exploit

Fix

Cleartext Storage of Sensitive Information

Insertion into Log File

Information Disclosure

Weakness Enumeration

Related identifiers

CVE-2025-7426

Affected products

Minova Tta