5.9
CVE-2023-4384
- EPSS 0.36%
- Veröffentlicht 16.08.2023 20:15:09
- Zuletzt bearbeitet 21.11.2024 08:34:58
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
LoginMaximaTech Portal Executivo Cookie missing encryption
A vulnerability has been found in MaximaTech Portal Executivo 21.9.1.140 and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to missing encryption of sensitive data. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237316. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Maximatech ≫ Portal Executivo Version21.9.1.140
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.273 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| cna@vuldb.com | 3.7 | 2.2 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| cna@vuldb.com | 2.6 | 4.9 | 2.9 |
AV:N/AC:H/Au:N/C:P/I:N/A:N
|
CWE-311 Missing Encryption of Sensitive Data
The product does not encrypt sensitive or critical information before storage or transmission.
https://l6x.notion.site/PoC-7041cf9625554273b17148de85705d06?pvs=4
https://vuldb.com/?ctiid.237316
https://vuldb.com/?id.237316