PT-2024-22374 · Puwell Cloud Tech Co · 360Eyes Pro
Eric Daigle
·
Published
2024-04-03
·
Updated
2024-08-01
·
CVE-2024-28275
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Puwell Cloud Tech Co, Ltd 360Eyes Pro version 3.9.5.16
Description
The issue allows attackers to intercept and access sensitive information because it transmits this data in cleartext. This includes users' credentials and password change requests.
Recommendations
For version 3.9.5.16, consider implementing encryption for sensitive data transmission to prevent interception. As a temporary workaround, restrict access to sensitive information until a proper fix is applied.
Fix
Cleartext Transmission of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
360Eyes Pro