PT-2023-25621 · Pos/ Dienstleistung · Cashit!
Daniel
+12
·
Published
2023-10-03
·
Updated
2023-12-28
·
CVE-2023-3655
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
cashIT! - serving solutions versions to 03.A06rks 2023.02.37
Description
The issue affects devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" and allows for the leakage of the database, including system settings and user accounts. This can be triggered by an HTTP endpoint exposed to the network.
Recommendations
For versions to 03.A06rks 2023.02.37, as a temporary workaround, consider restricting access to the exposed HTTP endpoint until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cashit!