CVE-2022-31405

Medienbericht

Exploit

MV iDigital Clinic Enterprise (iDCE) 1.0 stores passwords in cleartext.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.57%	0.427

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://github.com/ifmacedo/mconnect/blob/main/IDCE-ClearTextStorage

Exploit

https://mv.com.br/pt/blog/microdata-integra-novo-modulo-cockpit-ao-ris-idce

Press/Media Coverage

https://www.linkedin.com/pulse/armazenamento-inseguro-idce-mv-iran-macedo

Third Party Advisory

Exploit

CVE Source (NVD)

CVE Source (JSON)

EUVD

Team-orientierte Vulnerability Management Plattform