1. EXECUTIVE SUMMARY
- CVSS v4 6.9
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Dorsett Controls
- Equipment: InfoScan
- Vulnerabilities: Exposure of Sensitive Information To An Unauthorized Actor, Path Traversal
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to expose sensitive information, resulting in data theft and misuse of credentials.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Dorsett Controls products are affected:
- InfoScan: v1.32, v1.33, and v1.35
3.2 Vulnerability Overview
3.2.1 EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200
Dorsett Controls InfoScan leaks potentially sensitive information through HTTP response headers and through the JavaScript rendered to the browser before a user logs in, so an unauthenticated client can read it.
CVE-2024-42493 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
A CVSS v4 score has also been calculated for CVE-2024-42493. A base score of 6.9 has been calculated; the CVSS vector string is (CVSS4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N).
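As an added illustration of the CWE-200 class described above (not code from CISA, Dorsett Controls or InfoScan), the following script shows how a defender can audit a product's pre-login page for the two disclosure channels the advisory names: version-revealing response headers and secret-looking values embedded in inline JavaScript. The header list, regex patterns and the sample response are all constructed assumptions for the demonstration.

```python
import re
from html.parser import HTMLParser

# Headers that commonly reveal software/version details to unauthenticated clients (assumed list).
DISCLOSING_HEADERS = {"server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version", "x-generator"}

# Heuristics for secrets or internal details embedded in JavaScript served before login (assumed).
SECRET_PATTERNS = {
    "credential": re.compile(r"""(?i)\b(password|passwd|pwd|secret|api[_-]?key|token)\b\s*[:=]\s*["'][^"']+["']"""),
    "internal_host": re.compile(r"""(?i)\b(?:https?://)?(?:\d{1,3}\.){3}\d{1,3}\b|\b[a-z0-9-]+\.(?:local|internal|lan)\b"""),
}


class _ScriptCollector(HTMLParser):
    """Collects the text of every inline <script> block in an HTML document."""

    def __init__(self):
        super().__init__()
        self._in_script = False
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += data  # script bodies may arrive in several chunks


def find_disclosures(headers, body):
    """Return version-revealing headers and secret-looking tokens found in inline JavaScript."""
    findings = {"headers": {}, "script": []}
    for name, value in headers.items():
        if name.lower() in DISCLOSING_HEADERS:
            findings["headers"][name] = value
    collector = _ScriptCollector()
    collector.feed(body)
    for script in collector.scripts:
        for label, pattern in SECRET_PATTERNS.items():
            for match in pattern.finditer(script):
                findings["script"].append((label, match.group(0)))
    return findings


# Constructed sample of a pre-login response; not real InfoScan output.
SAMPLE_HEADERS = {"Content-Type": "text/html", "Server": "ExampleHTTPD/2.1.0", "X-Powered-By": "ExampleFramework/4.7"}
SAMPLE_BODY = """<html><head><script>
var cfg = {apiKey: "example-key-0000", endpoint: "http://10.0.0.5/api"};
</script></head><body>Login</body></html>"""

if __name__ == "__main__":
    print(find_disclosures(SAMPLE_HEADERS, SAMPLE_BODY))
```

Run it against a captured pre-login response from your own deployment; any finding is a candidate for header hardening or for moving configuration behind the authenticated session.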
3.2.2 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICT
[…]
This article has been indexed from All CISA Advisories