Lucene search
551230f0-3615-47bd-b7cc-93e92e730bbfNVD:CVE-2024-36497HistoryJun 24, 2024 - 9:15 a.m.
CVE-2024-36497
2024-06-2409:15:09
CWE-312
551230f0-3615-47bd-b7cc-93e92e730bbf
web.nvd.nist.gov
4
cve
configuration file
cleartext password
winselect
restrictions
disable
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
0.0004 Low
EPSS
Percentile
15.8%
The decrypted configuration file contains the password in cleartext
which is used to configure WINSelect. It can be used to remove the
existing restrictions and disable WINSelect entirely.
Related
cvelist
cvelist
CVE-2024-36497 Unhashed Storage of Password
2024-06-24 09:06:03
vulnrichment
vulnrichment
CVE-2024-36497 Unhashed Storage of Password
2024-06-24 09:06:03
cve
cve
CVE-2024-36497
2024-06-24 09:15:09
packetstorm
packetstorm
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
0.0004 Low
EPSS
Percentile
15.8%
Related for NVD:CVE-2024-36497