Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HEscanav Escan Management Console
APPEscanav14.0.1400.2281
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
LPE
Powiązane podatności
CVE-2024-42919CRITICAL9.8PL ✓ten sam produkt
Błąd kontroli dostępu w eScan Management Console (acteScanAVReport)
CVE-2023-31703CRITICAL9.0ten sam produkt
Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400...
CVE-2023-31702HIGH7.2ten sam produkt
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote att...
CVE-2023-34835MEDIUM5.4ten sam produkt
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allo...
CVE-2023-34836MEDIUM5.4ten sam produkt
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allo...