CVE-2024-23551

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-23551

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.6 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

D

atabase scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant security risk. This will lead to exposure of sensitive information for unauthorized access, potentially leading to severe consequences such as data breaches, unauthorized data manipulation, and compromised system integrity.

References
Link Resource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112963
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112963
Configurations

No configuration.

History

21 Nov 2024, 08:57

Type Values Removed Values Added
References () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112963 - () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112963 -

08 May 2024, 13:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-07 22:15

Updated : 2024-11-21 08:57

NVD link : CVE-2024-23551

Mitre link : CVE-2024-23551

CVE.ORG link : CVE-2024-23551

JSON object : View

Products Affected

No product.

CWE
CWE-522

Insufficiently Protected Credentials