Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:NExplorance Blue
APPExplorance< 8.14.12
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
Related vulnerabilities
CVE-2025-57792CRITICAL10.0PL ✓ten sam produkt
SQL Injection bez uwierzytelnienia w Explorance Blue (CVE-2025-57792)
CVE-2025-57794CRITICAL9.1PL ✓ten sam produkt
RCE przez unrestricted file upload w Explorance Blue (panel admina)
CVE-2025-57795CRITICAL9.9PL ✓ten sam produkt
RCE przez podatny upload plików w Explorance Blue (CVE-2025-57795)
CVE-2025-57793HIGH8.6ten sam produkt
Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validati...
CVE-2025-52344MEDIUM6.1ten sam produkt
Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allows attackers ...