Description


A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on a the attacker's system.This issue affects SDP Client: before 5.10.34.

Weaknesses



CWE-532


CWE-532

CVSS impact metrics


CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

6.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information


Source identifier

2505284f-8ffb-486c-bf60-e19c1097a90b

Vulnerability status

Analyzed

Published

2024-07-31T17:15:11.860

11 months ago

Last modified

2024-08-27T15:41:15.443

10 months ago