CRITICAL🇵🇱 Wersja polska

CVE-2023-33730

CVSS 9.8v3.1pub. 2023-05-31upd. 2025-01-10

Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Escanav Escan Management Console

    APP
    Escanav
    14.0.1400.2281
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2024-42919CRITICAL9.8PL ✓ten sam produkt

Błąd kontroli dostępu w eScan Management Console (acteScanAVReport)

CVE-2023-31703CRITICAL9.0ten sam produkt

Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400...

CVE-2023-31702HIGH7.2ten sam produkt

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote att...

CVE-2023-34835MEDIUM5.4ten sam produkt

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allo...

CVE-2023-34836MEDIUM5.4ten sam produkt

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allo...