Lucene search

MitreCVE-2023-27132

HistoryOct 17, 2023 - 4:15 p.m.

CVE-2023-27132

2023-10-1716:15:09

CWE-522

mitre

web.nvd.nist.gov

cve-2023-27132

tsplus remote work

cleartext password

html source code

security vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.013

Percentile

86.2%

JSON

TSplus Remote Work 16.0.0.0 places a cleartext password on the “var pass” line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product.

Affected configurations

Nvd

Node

tsplustsplus_remote_workRange≤16.0.0.0

VendorProductVersionCPE
tsplustsplus_remote_work*cpe:2.3:a:tsplus:tsplus_remote_work:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tsplus	tsplus_remote_work	*	cpe:2.3:a:tsplus:tsplus_remote_work::::::::

References

packetstormsecurity.com/files/174271

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.013

Percentile

86.2%

JSON

Related for CVE-2023-27132