CRITICAL🇬🇧 English

CVE-2023-33730

CVSS 9.8v3.1pub. 2023-05-31upd. 2025-01-10

Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Escanav Escan Management Console

    APP
    Escanav
    14.0.1400.2281
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
LPE
CWE
Referencje

Powiązane podatności

CVE-2024-42919CRITICAL9.8PL ✓ten sam produkt

Błąd kontroli dostępu w eScan Management Console (acteScanAVReport)

CVE-2023-31703CRITICAL9.0ten sam produkt

Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400...

CVE-2023-31702HIGH7.2ten sam produkt

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote att...

CVE-2023-34835MEDIUM5.4ten sam produkt

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allo...

CVE-2023-34836MEDIUM5.4ten sam produkt

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allo...

CVE-2023-33730 — CRITICAL 9.8 | CVEbaza.pl