CVE-2024-28387

EPSS 0.45%
Veröffentlicht 25.03.2024 14:15:09
Zuletzt bearbeitet 18.09.2025 16:40:42
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue in axonaut v.3.1.23 and before allows a remote attacker to obtain sensitive information via the log.txt component.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Axonaut ≫ Axonaut SwPlatformprestashop Version < 3.2.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.45%	0.356

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

https://axonaut.com/integration/detail/prestashop

Product

https://security.friendsofpresta.org/modules/2024/03/19/axonaut.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-28387

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-28387

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-28387

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-28387