7.5
CVE-2024-50528
- EPSS 0.62%
- Veröffentlicht 04.11.2024 14:15:15
- Zuletzt bearbeitet 06.11.2024 17:06:03
- Quelle audit@patchstack.com
- CVE-Watchlists
- Unerledigt
LoginStacks Mobile App Builder <= 5.2.3 - Unauthenticated Sensitive Information Disclosure
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stacks Stacks Mobile App Builder allows Retrieve Embedded Sensitive Data.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3.
Mögliche Gegenmaßnahme
Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder
Version
*-5.2.3
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Stacksmarket ≫ Stacks Mobile App Builder SwPlatformwordpress Version <= 5.2.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.62% | 0.693 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| audit@patchstack.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.