HIGH🇬🇧 English

CVE-2019-15075

CVSS 7.5v3.1pub. 2020-03-20upd. 2024-11-21

An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config/config.php does not have strong random keys, as demonstrated by use of the 8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR private key and the r)fddEw232f encryption key.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Inextrix Astpp

    APP
    Inextrix
    < 4.0.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2020-37104HIGH8.7ten sam produkt

ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download...

CVE-2020-37153HIGH7.7ten sam produkt

ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP devi...