PT-2025-32639 · Smartclient · Smartclient Soa Cockpit+2
Published
2025-08-12
·
Updated
2025-08-12
·
CVE-2024-41980
CVSS v3.1
5.7
Medium
| Vector | AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
SmartClient Opcenter QL Home (SC) versions 13.2 through 2505
SmartClient SOA Audit versions 13.2 through 2505
SmartClient SOA Cockpit versions 13.2 through 2505
Description:
The affected application does not encrypt communication in the LDAP interface by default. This could allow an authenticated attacker to gain unauthorized access to sensitive information.
Recommendations:
Ensure encryption is enabled for communication in the LDAP interface for SmartClient Opcenter QL Home (SC) versions 13.2 through 2505.
Ensure encryption is enabled for communication in the LDAP interface for SmartClient SOA Audit versions 13.2 through 2505.
Ensure encryption is enabled for communication in the LDAP interface for SmartClient SOA Cockpit versions 13.2 through 2505.
Fix
Missing Encryption of Sensitive Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Smartclient Opcenter Ql Home
Smartclient Soa Audit
Smartclient Soa Cockpit