PT-2025-17431 · Unknown · Eol Ova Based Connect
Published
2025-04-21
·
Updated
2025-04-21
·
CVE-2025-3838
CVSS v4.0
6.1
Medium
| Vector | AV:A/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
EOL OVA based connect component (affected versions not specified)
Description
An Improper Authorization issue was identified in the EOL OVA based connect component, which could allow unauthorized access to the local database containing weakly hashed credentials of the installer under certain conditions. This component was deprecated in September 2023, with end of support extended until January 2024.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Incorrect Authorization
Use of a Broken Cryptographic Algorithm
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Eol Ova Based Connect