PT-2013-4501 · Baramundi · Baramundi Management Suite

Damir Bozic

Published

2013-10-03

Updated

2013-10-03

CVE-2013-3593

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Baramundi Management Suite versions 7.5 through 8.9

Description The issue allows remote attackers to obtain sensitive information by sniffing the network, and allows context-dependent attackers to obtain sensitive information by reading a file, due to the use of cleartext for client-server communication and data storage.

Recommendations For versions 7.5 through 8.9, consider encrypting client-server communication and data storage to prevent sensitive information from being obtained by unauthorized parties. As a temporary workaround, restrict access to the network and sensitive files to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2013-3593

Affected Products

Baramundi Management Suite

PT-2013-4501 · Baramundi · Baramundi Management Suite

CVE-2013-3593

Weakness Enumeration

Related Identifiers

Affected Products

References · 2