Description
AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack.
Related CPE's
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
References
https://cwe.mitre.org/data/definitions/522.html
Technical Description
https://www.exploit-db.com/exploits/47819
ExploitThird Party AdvisoryVDB Entry
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5550.php
ExploitThird Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 · Critical
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-04-28T15:15:07.917
4 years agoLast modified
2022-10-26T15:15:08.737
2 years ago