CVE-2024-10122

EPSS 0.05%
Veröffentlicht 18.10.2024 19:15:13
Zuletzt bearbeitet 06.11.2024 22:05:23
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been classified as problematic. Affected is an unknown function of the file /InnerRepPlus.html of the component Operator Details Form. The manipulation leads to missing password field masking. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Topdata ≫ Inner Rep Plus Version2.01

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.155

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
cna@vuldb.com	5.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	2.7	1.2	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com	3.3	6.4	2.9	AV:N/AC:L/Au:M/C:P/I:N/A:N

CWE-549 Missing Password Field Masking

The product does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords.

https://vuldb.com/?ctiid.280914

Permissions Required

https://vuldb.com/?id.280914

Third Party Advisory

https://vuldb.com/?submit.421292

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-10122

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-10122

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-10122

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-10122