PT-2019-11559 · Aquarius · Aquarius Cms

Published

2019-07-15

Updated

2020-08-24

CVE-2019-1010308

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Aquarius CMS versions prior to 4.1.1

Description: The issue concerns incorrect access control, allowing unrestricted access to the log file. This log file contains sensitive information, including passwords. The component affected is the log file, and the attack vector involves directly opening the file.

Recommendations: For versions prior to 4.1.1, update to version 4.1.1 or later to restrict access to the log file and prevent exposure of sensitive information.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2019-1010308

Affected Products

Aquarius Cms

PT-2019-11559 · Aquarius · Aquarius Cms

CVE-2019-1010308

Weakness Enumeration

Related Identifiers

Affected Products

References · 4