Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:NExplorance Blue
APPExplorance< 8.14.12
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Powiązane podatności
CVE-2025-57792CRITICAL10.0PL ✓ten sam produkt
SQL Injection bez uwierzytelnienia w Explorance Blue (CVE-2025-57792)
CVE-2025-57794CRITICAL9.1PL ✓ten sam produkt
RCE przez unrestricted file upload w Explorance Blue (panel admina)
CVE-2025-57795CRITICAL9.9PL ✓ten sam produkt
RCE przez podatny upload plików w Explorance Blue (CVE-2025-57795)
CVE-2025-57793HIGH8.6ten sam produkt
Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validati...
CVE-2025-52344MEDIUM6.1ten sam produkt
Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allows attackers ...