7.3
CVE-2022-47561
- EPSS 0.17%
- Veröffentlicht 20.09.2023 08:15:15
- Zuletzt bearbeitet 21.11.2024 07:32:11
- Quelle cve-coordination@incibe.es
- CVE-Watchlists
- Unerledigt
LoginUnprotected Storage of Credentials in Ormazabal products
The web application stores credentials in clear text in the "admin.xml" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all users, including admin users, in clear text, and use them to subsequently execute malicious actions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ormazabal ≫ Ekorccp Firmware Version601j
Ormazabal ≫ Ekorrci Firmware Version601j
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.059 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| cve-coordination@incibe.es | 7.3 | 2.5 | 4.7 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
|
CWE-256 Plaintext Storage of a Password
Storing a password in plaintext may result in a system compromise.
CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products