A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XHamastar Meetinghub Paperless Meetings
APPHamastar2021
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
References
Related vulnerabilities
CVE-2026-1331CRITICAL9.3PL ✓ten sam produkt
Arbitrary File Upload w Hamastar MeetingHub umożliwia RCE bez uwierzytelnienia
CVE-2024-6117CRITICAL9.3PL ✓ten sam produkt
Nieograniczony upload plików w Hamastar MeetingHub — zdalne wykonanie poleceń
CVE-2026-1330HIGH8.7ten sam produkt
MeetingHub developed by HAMASTAR Technology has an Arbitrary File Read vulnerability, allowing unauthenticated...
CVE-2026-1332MEDIUM6.9ten sam produkt
MeetingHub developed by HAMASTAR Technology has a Missing Authentication vulnerability, allowing unauthenticat...