PT-2023-15403 · Ekorrci+1 · Ekorrci+1
Published
2023-09-20
·
Updated
2024-08-03
·
CVE-2022-47560
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ekorCCP (affected versions not specified)
ekorRCI (affected versions not specified)
Description
The lack of web request control on devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged in.
Recommendations
For ekorCCP, consider restricting access to the device when a user is logged in until a fix is available.
For ekorRCI, consider restricting access to the device when a user is logged in until a fix is available.
At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Cleartext Transmission of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ekorccp
Ekorrci