PT-2024-37395 · Hamastar · Hamastar Meetinghub Paperless Meetings
Yen Chun Shen · Published 2024-08-05 · Updated 2024-08-30 · CVE-2024-6118
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
Hamastar MeetingHub Paperless Meetings version 2021
Description:
A Plaintext Storage of a Password issue in the ebooknote function allows remote attackers to obtain other users' credentials and gain access to the product via an XML file.
Recommendations:
For Hamastar MeetingHub Paperless Meetings version 2021, consider disabling the ebooknote function until a patch is available to prevent remote attackers from obtaining user credentials. Restrict access to XML files to minimize the risk of exploitation.
Fix
Insufficiently Protected Credentials
Related Identifiers
Affected Products
Hamastar Meetinghub Paperless Meetings