CVE-2020-18406 : An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sen

An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data.

Published 2023-06-27 20:15:09

Updated 2023-07-05 16:30:17

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2020-18406

Cmseasy » Cmseasy » Version: 7.0
cpe:2.3:a:cmseasy:cmseasy:7.0:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 18 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Assigned by: nvd@nist.gov (Primary)

https://github.com/source-hunter/cmseasy/issues/1

Bug: V7.0 User credentials are sent in clear text Vulnerability · Issue #1 · source-hunter/cmseasy · GitHub
Exploit;Issue Tracking

Jump to