PT-2022-3852 · Filewave · Filewave
Published
2022-07-25
·
Updated
2022-08-02
·
CVE-2022-34906
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
FileWave versions prior to 14.6.3
FileWave versions 14.7.x prior to 14.7.2
Description
A hard-coded cryptographic key is used in the software. Exploitation could allow an unauthenticated actor to decrypt sensitive information saved in FileWave and send crafted requests.
Recommendations
For versions prior to 14.6.3, update to version 14.6.3 or later.
For versions 14.7.x prior to 14.7.2, update to version 14.7.2 or later.
Exploit
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Filewave