CVE-2024-28387

EPSS 0.05%
Veröffentlicht 25.03.2024 14:15:09
Zuletzt bearbeitet 18.09.2025 16:40:42
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue in axonaut v.3.1.23 and before allows a remote attacker to obtain sensitive information via the log.txt component.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Axonaut ≫ Axonaut SwPlatformprestashop Version < 3.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.139

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

https://axonaut.com/integration/detail/prestashop

Product

https://security.friendsofpresta.org/modules/2024/03/19/axonaut.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-28387

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-28387

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-28387

EUVD