CVE-2024-6400

Cleartext Storage of Username and Password in Finrota's Netahsilat

CVSS 8.2 HIGHEPSS 0.6%CWE-202 CWE-312

Cleartext Storage of Sensitive Information, Exposure of Sensitive Information Through Data Queries vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data, Authentication Bypass, IMAP/SMTP Command Injection, Collect Data from Common Resource Locations. This issue solved in versions 1.21.10, 1.23.01, 1.23.08, 1.23.11 and 1.24.03.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:L/VA:L/SC:H/SI:N/SA:N

Produtos afetados

Finrota · Netahsilat

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1611 https://www.usom.gov.tr/bildirim/tr-24-1611