CVE-2024-55557

Published: Dic 16, 2024 Last Modified: Dic 17, 2024 EU-VD ID: EUVD-2024-52808

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,8

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,1284

Percentile

0,9th

Updated

EPSS Score Trend (Last 90 Days)

798

Use of Hard-coded Credentials

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Integrity Confidentiality Availability Other

Potential Impacts:

Bypass Protection Mechanism Read Application Data Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands Other

Applicable Platforms

Technologies: Mobile, ICS/OT

Likelihood of Exploit: High

View CWE Details

https://apps.microsoft.com/detail/9nhtv46lg4nh?hl=en-us&gl=…

https://apps.microsoft.com/detail/9nhtv46lg4nh?hl=en-us&gl=US

https://github.com/nroduit/Weasis/releases/tag/v4.5.1

https://github.com/partywavesec/CVE-2024-55557

https://www.partywave.site/show/research/CVE-2024-55557%20-…

https://www.partywave.site/show/research/CVE-2024-55557%20-%20Weasis%204.5.1

CVE-2024-55557

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Use of Hard-coded Credentials

Common Consequences

Applicable Platforms

Iscriviti alla newsletter