8.7
CVE-2024-39776
- EPSS 0.39%
- Veröffentlicht 22.08.2024 20:15:08
- Zuletzt bearbeitet 04.09.2024 18:25:51
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginAvtec Outpost Storage of File with Sensitive Data Under Web Root
Avtec Outpost stores sensitive information in an insecure location without proper access controls in place.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Avtecinc ≫ Outpost Uploader Utility Version < 5.0.0
Avtecinc ≫ Outpost 0810 Firmware Version < 5.0.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.39% | 0.307 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| ics-cert@hq.dhs.gov | 8.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| ics-cert@hq.dhs.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-219 Storage of File with Sensitive Data Under Web Root
The product stores sensitive data under the web document root with insufficient access control, which might make it accessible to untrusted parties.
https://www.cisa.gov/news-events/ics-advisories/icsa-24-235-04