PT-2023-6372 · Advantech · Advantech Webaccess
Elcazators
·
Published
2023-10-16
·
Updated
2024-10-24
·
CVE-2023-4215
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Advantech WebAccess version 9.1.3
Description
The issue is related to an exposure of sensitive information to an unauthorized actor, which could lead to the leakage of user credentials. This is due to a lack of protection for service data. Exploitation of this issue may allow a remote attacker to disclose protected information.
Recommendations
For Advantech WebAccess version 9.1.3, consider restricting access to sensitive information and user credentials until a patch or fix is available. As a temporary workaround, review and strengthen the protection of service data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Access Control
Information Disclosure
Incorrect Privilege Assignment
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Advantech Webaccess