CVE-2024-25654

Exploit

EPSS 0.03%
Veröffentlicht 18.03.2024 20:15:08
Zuletzt bearbeitet 14.03.2025 01:15:38
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Insecure permissions for log files of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allow members (with local access to the UMP application server) to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Avsystem ≫ Unified Management Platform Version23.07.0.16567 SwEditionlts

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.071

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25654

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-25654

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-25654

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-25654

EUVD