PT-2024-28786 · Sl 200+2
Nepenthe0320 · Published 2024-07-26 · Updated 2024-11-11 · CVE-2024-40116
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Solar-Log 1000 versions prior to 2.8.2 and build 52-23.04.2013
SL 200 versions prior to 3.0.0-60
SL 500 versions prior to 3.0.0-60
Description
Passwords are stored in plaintext in certain files, specifically export.html, email.html, and sms.html, which leaves user credentials without proper protection.
Recommendations
For Solar-Log 1000 versions prior to 2.8.2 and build 52-23.04.2013, update to version 3.0.0-60 or later.
For SL 200 and SL 500, update to version 3.0.0-60 or later.
As a temporary workaround, consider restricting access to the export.html, email.html, and sms.html files until a patch is available.
Affected Products
Sl 200
Sl 500
Solar-Log 1000